Shodan
Vulnerabilities
Vulnerable Software
Punbb:  >> Punbb  >> 1.3  Security Vulnerabilities
CVE-2011-3371
Multiple cross-site scripting (XSS) vulnerabilities in include/functions.php in PunBB before 1.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) form_sent, (3) csrf_token, (4) req_confirm, or (5) delete parameter to delete.php, the (6) id, (7) form_sent, (8) csrf_token, (9) req_message, or (10) submit parameter to edit.php, the (11) action, (12) form_sent, (13) csrf_token, (14) req_email, or (15) request_pass parameter to login.php, the (16) email, (17) form_sent, (18) redirect_url, (19) csrf_token, (20) req_subject, (21) req_message, or (22) submit parameter to misc.php, the (23) action, (24) id, (25) form_sent, (26) csrf_token, (27) req_old_password, (28) req_new_password1, (29) req_new_password2, or (30) update parameter to profile.php, or the (31) action, (32) form_sent, (33) csrf_token, (34) req_username, (35) req_password1, (36) req_password2, (37) req_email1, (38) timezone, or (39) register parameter to register.php.
CVSS Score
4.3
EPSS Score
0.005
Published
2011-10-02
CVE-2009-4894
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail.
CVSS Score
4.3
EPSS Score
0.003
Published
2010-06-15
CVE-2010-0455
Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter.
CVSS Score
4.3
EPSS Score
0.003
Published
2010-01-28
CVE-2008-5433
Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the password field.
CVSS Score
4.3
EPSS Score
0.003
Published
2008-12-11
CVE-2008-5434
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php.
CVSS Score
6.5
EPSS Score
0.006
Published
2008-12-11
CVE-2008-5435
Cross-site scripting (XSS) vulnerability in moderate.php in PunBB before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via a topic subject.
CVSS Score
4.3
EPSS Score
0.003
Published
2008-12-11


Products
Pricing
Contact Us

Shodan ® - All rights reserved