=====================================================================
                                   CERT-Renater

                        Information Note No. 2008/VULN568
_____________________________________________________________________

DATE                      : 09/12/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running PunBB versions prior to 1.3.2.

======================================================================
http://punbb.informer.com/forums/topic/20475/punbb-132/
______________________________________________________________________

PunBB 1.3.2 has been released. Apart from minor bugs, the following
security flaws have been resolved (reported by Stefan Esser):

    * an XSS vulnerability in login.php;
    * a possible SQL-injection in the admin settings page with
permission config values;
    * a possible SQL-injection in the admin users page.

As usual, security hotfixes for versions 1.3 and 1.3.1 have been released.

Downloads: get the latest PunBB on the Downloads page or via the Subversion repository.

======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================




