CVE-2007-2236 - Unspecified vulnerability in PunBB
- Attack vector: UNKNOWN
- Attack complexity: UNKNOWN
- Privileges required: UNKNOWN
- Confidentiality impact: UNKNOWN
- Integrity impact: UNKNOWN
- Availability impact: UNKNOWN

Summary
footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute PHP code from an uploaded avatar file.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- http://dev.punbb.org/changeset/937
- http://secunia.com/advisories/24843
- http://securityreason.com/securityalert/2613
- http://www.acid-root.new.fr/advisories/13070411.txt
- http://www.securityfocus.com/archive/1/465338/100/100/threaded
- http://www.securityfocus.com/archive/1/465400/100/100/threaded
- http://www.vupen.com/english/advisories/2007/1362