PunBB profile.php Arbitrary User Password Manipulation
Remote / Network Access
Denial of Service
Loss of Availability
PunBB contains a flaw that may allow a remote attacker to arbitrarily manipulate user passwords. The issue is triggered due to improper validation of user-supplied input upon submission to the 'profile.php' script. It is possible that the flaw may allow a remote attacker to arbitrary manipulate user passwords resulting in a loss of availability.
Upgrade to version 1.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.