Security Advisory
CVE-2008-5434
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php.