Lucene search
HistorySep 22, 2003 - 4:00 a.m.
CVE-2003-0770
cve-2003-0770
ikonboard
security
remote code execution
perl
eval
cookie vulnerability
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.7 High
AI Score
Confidence
High
0.049 Low
EPSS
Percentile
92.8%
FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the “lang” cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl “eval” statement.
Affected configurations
Node
ikonboard.comikonboardMatch3.1.1
ORikonboard.comikonboardMatch3.1.2a
| CPE | Name | Operator | Version |
|---|---|---|---|
| ikonboard.com:ikonboard | ikonboard.com ikonboard | eq | 3.1.1 |
| ikonboard.com:ikonboard | ikonboard.com ikonboard | eq | 3.1.2a |
Related
nessus
nessus
Ikonboard FUNC.pm lang Cookie Arbitrary Command Execution
2003-05-08 00:00:00
nvd
nvd
CVE-2003-0770
2003-09-22 04:00:00
cvelist
cvelist
CVE-2003-0770
2003-09-12 04:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.7 High
AI Score
Confidence
High
0.049 Low
EPSS
Percentile
92.8%
Related for CVE-2003-0770