| Release Date | Jan 04, 2008 |
| Severity | High |
| Impact | System compromise. |
| Description | This indicates an attempt to exploit a local file inclusion vulnerability in PunBB. The vulnerability may allow a remote attacker to execute arbitrary scripts on the web server, with the privileges of the server. This can be accomplished via a specially crafted URL request to the 'register.php' script, using the 'language' parameter to specify a malicious PHP file from a remote system. |
| Affected Products | PunBB version 1.2.13 and prior. |
| Recommended Actions | Upgrade to PunBB version 1.2.14: http://bfexplorer.sourceforge.net/downloads.php |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-5735 |
| Reference/s | http://www.vupen.com/english/advisories/2006/4256 (FrSIRT) |
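
A defender-side check for the request described above, as an added example that is not part of the original advisory: it scans web-server access-log lines for 'register.php' requests whose 'language' query value is not a plain name. The log lines, the allowlist pattern and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: legitimate 'language' values are plain language-pack names.
SAFE_LANGUAGE = re.compile(r"[A-Za-z_]{1,32}")
REQUEST_LINE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = [
    '203.0.113.5 - - [04/Jan/2008:10:00:01 +0000] "GET /forum/register.php?action=register HTTP/1.1" 200 5120',
    '203.0.113.5 - - [04/Jan/2008:10:00:09 +0000] "GET /forum/register.php?language=English HTTP/1.1" 200 5120',
    '198.51.100.7 - - [04/Jan/2008:10:02:14 +0000] "GET /forum/register.php?language=..%2F..%2Fconstructed%2Fpath HTTP/1.1" 200 812',
    '198.51.100.7 - - [04/Jan/2008:10:02:15 +0000] "GET /forum/register.php?language=%252e%252e%252fconstructed HTTP/1.1" 200 812',
    '203.0.113.5 - - [04/Jan/2008:10:03:40 +0000] "GET /forum/index.php?language=..%2Fx HTTP/1.1" 200 900',
]

def suspicious_language(target):
    """Return the decoded 'language' value if a register.php request carries
    one that is not a plain name; return None otherwise."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/register.php"):
        return None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        # Allowlist match: separators, dots, NUL bytes and leftover
        # percent signs (double encoding) all fail fullmatch().
        if key == "language" and not SAFE_LANGUAGE.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for each flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_LINE.search(line)
        if match is None:
            continue  # not a parseable request line
        value = suspicious_language(match.group(1))
        if value is not None:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: register.php language={value!r}")
```

Access logs record only the query string, so a 'language' value submitted in a request body has to be inspected at the IPS or application layer instead.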