vendor:
PunBB
by:
SecurityFocus
7.5
CVSS
HIGH
Multiple Input Validation Vulnerabilities
20
CWE
Product Name: PunBB
Affected Version From: PunBB 1.2.13
Affected Version To: PunBB 1.2.13 and prior versions
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
PunBB Multiple Input Validation Vulnerabilities
PunBB is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may exploit these issues to execute arbitrary script code in the context of the webserver process or to pass malicious input to database queries, resulting in the modification of query logic or other attacks. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Mitigation:
Input validation should be used to ensure that untrusted data is not passed to the application. All input data should be validated and filtered for malicious content.
