PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| punbb | punbb | 1.2.9 |
| punbb | punbb | 1.2.5 |
| f-art_agency | blog_cms | 4.0.0 |
| f-art_agency | blog_cms | 3.1.3 |
| punbb | punbb | 1.2.6 |
| f-art_agency | blog_cms | 4.0.0a |
| f-art_agency | blog_cms | 4.0.0c |
| punbb | punbb | 1.2.1 |
| punbb | punbb | 1.2.4 |
| f-art_agency | blog_cms | 3.1.2 |
| f-art_agency | blog_cms | 3.6.2 |
| f-art_agency | blog_cms | 3.1.4 |
| f-art_agency | blog_cms | 4.0.0b |
| f-art_agency | blog_cms | 4.0.0d |
| punbb | punbb | 1.2.2 |
| punbb | punbb | 1.2.3 |
| punbb | punbb | 1.2.7 |
| f-art_agency | blog_cms | 3.0 |
| f-art_agency | blog_cms | 3.1 |
| f-art_agency | blog_cms | 3.6.4 |
| punbb | punbb | 1.2.8 |
SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| f-art_agency | blog_cms | * |