Vulnerabilities > CVE-2005-0630 - Directory Traversal vulnerability in PBLang Bulletin Board System

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
pblang
nessus

Summary

sendpm.php in PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter.

Vulnerable Configurations

Part Description Count
Application
Pblang
4

Nessus

NASL familyCGI abuses
NASL idPBLANG_XSS.NASL
descriptionAccording to its banner, the remote host is running a version of PBLang BBS, a bulletin board system written in PHP, that suffers from the following vulnerabilities: - HTML Injection Vulnerability in pmpshow.php. An attacker can inject arbitrary HTML and script into the body of PMs sent to users allowing for theft of authentication cookies or misrepresentation of the site. - Cross-Site Scripting Vulnerability in search.php. If an attacker can trick a user into following a specially crafted link to search.php from an affected version of PBLang, he can inject arbitrary script into the user
last seen2020-06-01
modified2020-06-02
plugin id17209
published2005-02-24
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/17209
titlePBLang BBS <= 4.65 Multiple Vulnerabilities