Vulnerabilities > CVE-2005-0571 - Remote Security vulnerability in Punbb 1.2.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
admin_loader.php in PunBB 1.2.1 allows remote attackers to read arbitrary files via the plugin parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | CGI abuses |
| NASL id | PUNBB_INPUT_VALIDATION_VULNS.NASL |
| description | The remote host is running a version of PunBB that fails to properly sanitize user-input to several scripts thereby enabling an attacker to launch various SQL injection attacks. In addition, the profile.php script enables anyone to call the change_pass action while specifying the id of an existing user to set their password to NULL, effectively shutting them out of the system. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 17224 |
| published | 2005-02-26 |
| reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/17224 |
| title | PunBB < 1.2.2 Multiple Input Validation Vulnerabilities |