CVE-2005-0631 - Unspecified vulnerability in Pblang
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
pblang
nessus
Summary
delpm.php in PBLang 4.63 allows remote authenticated users to delete arbitrary PM files by modifying the "id" and "a" parameters.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
Nessus
NASL family | CGI abuses |
NASL id | PBLANG_XSS.NASL |
description | According to its banner, the remote host is running a version of PBLang BBS, a bulletin board system written in PHP, that suffers from the following vulnerabilities: - HTML Injection Vulnerability in pmpshow.php. An attacker can inject arbitrary HTML and script into the body of PMs sent to users allowing for theft of authentication cookies or misrepresentation of the site. - Cross-Site Scripting Vulnerability in search.php. If an attacker can trick a user into following a specially crafted link to search.php from an affected version of PBLang, he can inject arbitrary script into the user |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 17209 |
published | 2005-02-24 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/17209 |
title | PBLang BBS <= 4.65 Multiple Vulnerabilities |
References
- http://marc.info/?l=bugtraq&m=110970738214608&w=2
- http://pblforum.drmartinus.de/post.php?cat=2&fid=2&pid=42&page=1
- http://www.securityfocus.com/bid/12694
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19552