PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a clients IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Blog_cms | F-art_agency | 3.0 (including) | 3.0 (including) |
| Blog_cms | F-art_agency | 3.1 (including) | 3.1 (including) |
| Blog_cms | F-art_agency | 3.1.2 (including) | 3.1.2 (including) |
| Blog_cms | F-art_agency | 3.1.3 (including) | 3.1.3 (including) |
| Blog_cms | F-art_agency | 3.1.4 (including) | 3.1.4 (including) |
| Blog_cms | F-art_agency | 3.6.2 (including) | 3.6.2 (including) |
| Blog_cms | F-art_agency | 3.6.4 (including) | 3.6.4 (including) |
| Blog_cms | F-art_agency | 4.0.0 (including) | 4.0.0 (including) |
| Blog_cms | F-art_agency | 4.0.0a (including) | 4.0.0a (including) |
| Blog_cms | F-art_agency | 4.0.0b (including) | 4.0.0b (including) |
| Blog_cms | F-art_agency | 4.0.0c (including) | 4.0.0c (including) |
| Blog_cms | F-art_agency | 4.0.0d (including) | 4.0.0d (including) |
| Punbb | Punbb | 1.2.1 (including) | 1.2.1 (including) |
| Punbb | Punbb | 1.2.2 (including) | 1.2.2 (including) |
| Punbb | Punbb | 1.2.3 (including) | 1.2.3 (including) |
| Punbb | Punbb | 1.2.4 (including) | 1.2.4 (including) |
| Punbb | Punbb | 1.2.5 (including) | 1.2.5 (including) |
| Punbb | Punbb | 1.2.6 (including) | 1.2.6 (including) |
| Punbb | Punbb | 1.2.7 (including) | 1.2.7 (including) |
| Punbb | Punbb | 1.2.8 (including) | 1.2.8 (including) |
| Punbb | Punbb | 1.2.9 (including) | 1.2.9 (including) |