QwikSec

Security Database

CVE

CWE

Training

CVE-2005-2571

Published: Aug 16, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/mysql_install.php and (2) admin/pg_install.php scripts, which allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.funkboard.co.uk/forum/thread.php?id=265

x_refsource_CONFIRM

20050808 FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution

mailing-list

x_refsource_BUGTRAQ

20050813 Re: FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.