oss-sec mailing list archives

CVE request: Four issues in PunBB

From: Hanno Böck <hanno () hboeck de>
Date: Tue, 9 Dec 2008 13:52:15 +0100

Hi,

From
http://punbb.informer.com/

Fixed in 1.3.2:
    * an XSS vulnerability in login.php;
    * a possible SQL-injection in the the admin settings page with permission 
config values;
    * a possible SQL-injection in the the admin users page.


Fixed in 1.3.1:
    * XSS vulnerability via topic subjects in moderate.php is fixed (reported 
by PHPLizardo).



-- 
Hanno Böck              Blog:           http://www.hboeck.de/
GPG: 3DBD3B20           Jabber/Mail:    hanno () hboeck de

http://www.jukss.de/ Jugemdumweltkongress, 27.12.-4.1.

Attachment: signature.asc
Description: This is a digitally signed message part.

Current thread:

CVE request: Four issues in PunBB Hanno Böck (Dec 09)
- Re: CVE request: Four issues in PunBB Steven M. Christey (Dec 16)