SQL injection vulnerability in profile.php in PunBB 1.2.4 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a change_email action.
Software | From | Fixed in |
---|---|---|
punbb / punbb | 1.0 | 1.0.x |
punbb / punbb | 1.0_alpha | 1.0_alpha.x |
punbb / punbb | 1.0_beta1 | 1.0_beta1.x |
punbb / punbb | 1.0_beta2 | 1.0_beta2.x |
punbb / punbb | 1.0_beta3 | 1.0_beta3.x |
punbb / punbb | 1.0_rc1 | 1.0_rc1.x |
punbb / punbb | 1.0_rc2 | 1.0_rc2.x |
punbb / punbb | 1.0.1 | 1.0.1.x |
punbb / punbb | 1.1 | 1.1.x |
punbb / punbb | 1.1.1 | 1.1.1.x |
punbb / punbb | 1.1.2 | 1.1.2.x |
punbb / punbb | 1.1.3 | 1.1.3.x |
punbb / punbb | 1.1.4 | 1.1.4.x |
punbb / punbb | 1.1.5 | 1.1.5.x |
punbb / punbb | 1.2.1 | 1.2.1.x |
punbb / punbb | 1.2.2 | 1.2.2.x |
punbb / punbb | 1.2.3 | 1.2.3.x |
punbb / punbb | 1.2.4 | 1.2.4.x |