SecWatch.org: CJ Tag Board Multiple Parameter Handling PHP Code Injection Vulnerabilities

Wed, 30 Aug 2006 08:18:29 -0500

According to this posting on the SecWatch board today, there are some issues with the CJ Tag Board software that allow for code injection issues.

Multiple input validation vulnerabilities in CJ Tag Board have been reported, which can be exploited by remote users to compromise a vulnerable system.

The issue comes from improperly filtered user input for the "User-Agent" HTTP header and the "banned" parameter for the admin side. This issue effects CJ Tag Board version 3.0. No update or patch has been posted as of yet to correct this issue.

PHPDeveloper.org

SecWatch.org: CJ Tag Board Multiple Parameter Handling PHP Code Injection Vulnerabilities