Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4036

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2012-4036
Last Modified 28 Aug 2012 01:21:42
Published 27 Aug 2012 07:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4036

Summary

Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2012-1216.

Vulnerable Systems

Application

  • Pbboard 2.1.4


References

MISC - https://www.htbridge.com/advisory/HTB23101

XF - pbboard-admin-security-bypass(77508)

BID - 54916

MISC - http://www.pbboard.com/forums/t10353.html

MISC - http://www.pbboard.com/forums/t10352.html

SECUNIA - 50153

OSVDB - 84479


Last Updated: 27 May 2016 11:00:20