PunBB register.php, profile.php, and moderate.php scripts SQL injection
punbb-multiple-sql-injection (19473)
Description:
PunBB is vulnerable to SQL injection in the register.php, profile.php, and moderate.php scripts. A remote attacker could add, modify, or delete data in the backend database by sending a specially crafted URL request to the register.php script containing SQL code in the language or email parameter, or to the profile.php script containing SQL code in the email address field, which is not properly verified by the is_valid_email function. A moderator or administrator of PunBB could do the same by supplying a specially crafted URL request to the moderate.php script containing SQL code in one of multiple parameters.
NOTE: Systems with the magic_quotes_gpc option enabled in php.ini are vulnerable. Reportedly, BLOG:CMS versions prior to 3.6.2 are also vulnerable.
Platforms Affected:
- PHP, BLOG CMS 4.0.0d
- PunBB, PunBB 1.2
- PunBB, PunBB 1.2.1
Remedy:
Upgrade to the latest version of PunBB (1.2.2 or later), available from the PunBB Web site. See References.
Consequences:
Data Manipulation
References:
- BugTraq Mailing List, Thu Feb 24 2005 - 14:21:09 CST, Multiple vulns in punBB at http://archives.neohapsis.com/archives/bugtraq/2005-02/0430.html.
- PunBB.org Web site, PunBB.org Web site at http://www.punbb.org/.
- BID-12652: PunBB Multiple Remote Input Validation Vulnerabilities
- CVE-2005-0569: Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) language parameter to register.php, (2) change email feature in profile.php, (3) posts or (4) topics parameter to moderate.php.
- CVE-2005-2193: SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not initialized before it is used and prevents the attacker-supplied portions of the array from being properly escaped.
- SA14394: PunBB Multiple Vulnerabilities
- SA14538: BLOG:CMS PunBB SQL Injection Vulnerabilities
Reported:
Feb 24, 2005
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
