CVE-2005-2193

Published: Jul 11, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not initialized before it is used and prevents the attacker-supplied portions of the array from being properly escaped.

Affected (18)

Products: Punbb: Punbb

Punbb

1 product

Punbb

Configuration A

18 vulnerable

Vulnerable Software	Affected Versions
Punbb Punbb	Version 1.0.1
Punbb Punbb	Version 1.0
Punbb Punbb	Version 1.0_alpha
Punbb Punbb	Version 1.0_beta1
Punbb Punbb	Version 1.0_beta2
Punbb Punbb	Version 1.0_beta3
Punbb Punbb	Version 1.0_rc1
Punbb Punbb	Version 1.0_rc2
Punbb Punbb	Version 1.1.1
Punbb Punbb	Version 1.1.2
Punbb Punbb	Version 1.1.3
Punbb Punbb	Version 1.1.4
Punbb Punbb	Version 1.1.5
Punbb Punbb	Version 1.1
Punbb Punbb	Version 1.2.1
Punbb Punbb	Version 1.2.2
Punbb Punbb	Version 1.2.3
Punbb Punbb	Version 1.2.4

References (6)

http://marc.info/?l=bugtraq&m=112084384928950&w=2

Source: cve@mitre.org

http://www.hardened-php.net/advisory-082005.php

Source: cve@mitre.org

PatchVendor Advisory

http://www.punbb.org/

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=112084384928950&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.hardened-php.net/advisory-082005.php

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.punbb.org/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.