
Test ID: 1.3.6.1.4.1.25623.1.0.80080
Category: Web application abuses
Title: PunBB language Parameter Local File Include Vulnerability
Summary: The remote web server contains the PHP script PunBB that is affected by a local file include issue.
Description:
Summary:
The remote web server contains the PHP script PunBB that is
affected by a local file include issue.

Vulnerability Insight:
The version of PunBB installed on the remote host fails to sanitize
input to the 'language' parameter before storing it in the 'register.php' script as a user's preferred
language setting.

Vulnerability Impact:
By registering with a specially-crafted value, an attacker can leverage
this issue to view arbitrary files and possibly execute arbitrary code on the affected host.

Solution:
Update to version 1.2.14 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-reference: BugTraq ID: 20786
Common Vulnerability Exposure (CVE) ID: CVE-2006-5735
Bugtraq: 20061030 Punbb <= 1.2.13 Multiple Vulnerabilities
http://www.securityfocus.com/archive/1/450055/100/0/threaded
http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities
http://www.osvdb.org/30132
http://securitytracker.com/id?1017131
http://secunia.com/advisories/22622
http://securityreason.com/securityalert/1824
http://www.vupen.com/english/advisories/2006/4256
Copyright: Copyright (C) 2008 Justin Seitz

© 1998-2024 E-Soft Inc. All rights reserved.