Friday, August 10, 2012

HTB23101: PBBoard 2.1.4 multiple vulnerabilities

PBBoard Community Forum

PBBoard Community Forum version 2.1.4 suffers from SQL injection, improper authentication and improper access control vulnerabilities.

  1. SQL injection: Input passed via the "username", "email", "password", "section", "section_id", "member_id" and "subjectid" POST parameters to the "index.php" script is not properly sanitised before being used in a SQL query.
  2. Improper Authentication: PBBoard allows the password of any board member to be changed, because the password change script does not verify the user-supplied "member_id" POST parameter.
  3. Improper Access Control: Input passed via the "xml_name" POST parameter to "admin.php" is not properly sanitised before being used as the name of a newly created file.
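A defensive sketch of how these three flaws are typically closed, added here as an example; it is not PBBoard's code or the vendor's patch. The function, table and directory names are hypothetical, and it assumes PHP with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);
// Added illustration, not PBBoard code; table, function and path names are hypothetical.
// Issues 1 and 2: the target account comes from the authenticated session, never
// from a "member_id" POST field, and every value reaches SQL as a bound parameter.
function changePassword(PDO $db, array $session, array $post): bool
{
    if (!isset($session['member_id'])) {
        return false;                              // not logged in
    }
    $current = $post['current_password'] ?? null;
    $new     = $post['new_password'] ?? null;
    if (!is_string($current) || !is_string($new) || $new === '') {
        return false;
    }
    $stmt = $db->prepare('SELECT password_hash FROM members WHERE id = :id');
    $stmt->execute([':id' => (int) $session['member_id']]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($current, $hash)) {
        return false;                              // re-authentication failed
    }
    $upd = $db->prepare('UPDATE members SET password_hash = :h WHERE id = :id');
    return $upd->execute([':h'  => password_hash($new, PASSWORD_DEFAULT),
                          ':id' => (int) $session['member_id']]);
}

// Issue 3: "xml_name" is matched against an allow-list pattern and the server
// appends the extension, so the caller cannot choose a directory or a file type.
function exportPath(string $baseDir, string $xmlName): ?string
{
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $xmlName) !== 1) {
        return null;
    }
    return rtrim($baseDir, '/') . '/' . $xmlName . '.xml';
}

// Constructed sample data: in-memory SQLite with two members.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO members (id, password_hash) VALUES (?, ?)');
$ins->execute([1, password_hash('admin-old-pass', PASSWORD_DEFAULT)]);
$ins->execute([2, password_hash('user-old-pass', PASSWORD_DEFAULT)]);
// The posted member_id is ignored: only the row of the logged-in member (2) can change.
$post = ['member_id' => '1', 'current_password' => 'user-old-pass',
         'new_password' => 'a-new-long-passphrase'];
var_dump(changePassword($db, ['member_id' => 2], $post));
var_dump(exportPath('/var/forum/exports', 'styles_backup'));
var_dump(exportPath('/var/forum/exports', 'a/b.c'));   // rejected: separator and dot
```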

Vulnerability ID: HTB23101
Vendor Notification / Patch / Public Disclosure Dates: July 18 / August 6 / August 8, 2012
Vulnerabilities Type: SQL injection, improper authentication, improper access control
Risk level: Medium
Solution Status: Fixed by Vendor, Apply 5-8-2012 Security Patch (http://www.pbboard.com/forums/index.php?page=download&attach=1&id=4984)

You can find the full text, with additional conditions and PoC examples, on the HTB advisory page: PBBoard multiple vulnerabilities.
