ID de Prueba:	1.3.6.1.4.1.25623.1.0.80080
Categoría:	Web application abuses
Título:	PunBB language Parameter Local File Include Vulnerability
Resumen:	The remote web server contains the PHP script PunBB that is; affected by a local file include issue.
Descripción:	Summary: The remote web server contains the PHP script PunBB that is affected by a local file include issue. Vulnerability Insight: The version of PunBB installed on the remote host fails to sanitize input to the 'language' parameter before storing it in the 'register.php' script as a user's preferred language setting. Vulnerability Impact: By registering with a specially-crafted value, an attacker can leverage this issue to view arbitrary files and possibly execute arbitrary code on the affected host. Solution: Update to version 1.2.14 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-5735 Bugtraq: 20061030 Punbb <= 1.2.13 Multiple Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/450055/100/0/threaded http://www.wargan.org/index.php/2006/10/29/4-punbb-1213-multiple-vulnerabilities http://www.osvdb.org/30132 http://securitytracker.com/id?1017131 http://secunia.com/advisories/22622 http://securityreason.com/securityalert/1824 http://www.vupen.com/english/advisories/2006/4256
Copyright	Copyright (C) 2008 Justin Seitz

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.