Vulnerabilities > CVE-2005-0569 - Remote Input Validation vulnerability in Punbb 1.2.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) language parameter to register.php, (2) change email feature in profile.php, (3) posts or (4) topics parameter to moderate.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | PunBB 3.0/3.1 Multiple Remote Input Validation Vulnerabilities. CVE-2005-0569. Webapps exploit for php platform |
| id | EDB-ID:25160 |
| last seen | 2016-02-03 |
| modified | 2005-02-24 |
| published | 2005-02-24 |
| reporter | John Gumbel |
| source | https://www.exploit-db.com/download/25160/ |
| title | PunBB 3.0/3.1 - Multiple Remote Input Validation Vulnerabilities |
Nessus
| NASL family | CGI abuses |
| NASL id | PUNBB_INPUT_VALIDATION_VULNS.NASL |
| description | The remote host is running a version of PunBB that fails to properly sanitize user-input to several scripts thereby enabling an attacker to launch various SQL injection attacks. In addition, the profile.php script enables anyone to call the change_pass action while specifying the id of an existing user to set their password to NULL, effectively shutting them out of the system. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 17224 |
| published | 2005-02-26 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/17224 |
| title | PunBB < 1.2.2 Multiple Input Validation Vulnerabilities |