
CVSS: 7.5 | EPSS: 0% | CPEs: 4 | EXPL: 2

SQL injection vulnerability in reputation.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the poster parameter.

References:
• https://www.exploit-db.com/exploits/9289
• http://osvdb.org/56612
• http://secunia.com/advisories/36020
• http://www.exploit-db.com/exploits/9289
• https://exchange.xforce.ibmcloud.com/vulnerabilities/52088

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.8 | EPSS: 0% | CPEs: 4 | EXPL: 3

Directory traversal vulnerability in include/reputation/rep_profile.php in the Reputation plugin 2.2.4, 2.2.3, 2.0.4, and earlier for PunBB, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pun_user[language] parameter.

References:
• https://www.exploit-db.com/exploits/9315
• http://osvdb.org/56613
• http://packetstormsecurity.org/0907-exploits/punbbrep-lfi.txt
• http://secunia.com/advisories/36020
• http://www.exploit-db.com/exploits/9315
• https://exchange.xforce.ibmcloud.com/vulnerabilities/52138

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')