3 matches found
CVE-2005-2193
SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not initialized before it is used and prevents the attacker-supplied portions of the array from being...
CVE-2005-2193
CVE-2005-2193 affects PunBB up to version 1.2.5, where the profile.php:temp parameter is not initialized/sanitized before being used in a database query, enabling remote SQL injection. The root cause is improper handling of the temp array, allowing attacker-controlled input to influence SQL state...
PunBB < 1.2.6 Multiple Vulnerabilities
The remote version of PunBB contains a flaw in its template system that can be exploited to read arbitrary local files or, if an attacker can upload a specially crafted avatar, to execute arbitrary PHP code. In addition, the application fails to sanitize the 'temp' parameter of the 'profile.php'...