Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2004-1315
HistoryNov 12, 2004 - 5:00 a.m.

CVE-2004-1315

2004-11-1205:00:00
NVD-CWE-Other
[email protected]
web.nvd.nist.gov
110
cve-2004-1315
phpbb
remote code execution
url decoding
highlight parameter
security vulnerability

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.963 High

EPSS

Percentile

99.5%

JSON

viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.

Related

seebug 3
packetstorm 3
nessus 4
checkpoint_advisories 4
openvas 2
gentoo 1
exploitpack 1
freebsd 1
exploitdb 1
seebug
seebug
PHP-Nuke 7.0/8.1/8.1.35 - Wormable Remote Code Execution
2014-07-01 00:00:00
PHP-Nuke倚δΈͺSQL注ε…₯漏洞
2010-05-08 00:00:00
Wormable Remote Code Execution in PHP-Nuke 7.0/8.1/8.1.35
2010-05-05 00:00:00
packetstorm
packetstorm
PHP-Nuke 7.0 / 8.1 / 8.1.35 Wormable Remote Code Execution
2010-05-05 00:00:00
phpBB viewtopic.php Arbitrary Code Execution
2009-12-31 00:00:00
phpBB viewtopic.php Arbitrary Code Execution
2009-10-30 00:00:00
nessus
nessus
phpBB < 2.0.11 Multiple Vulnerabilities (ESMARKCONANT)
2005-01-18 00:00:00
phpBB viewtopic.php highlight Parameter SQL Injection (ESMARKCONANT)
2004-11-22 00:00:00
FreeBSD : phpbb -- arbitrary command execution and other vulnerabilities (e3cf89f0-53da-11d9-92b7-ceadd4ac2edd)
2005-07-13 00:00:00
checkpoint_advisories
checkpoint_advisories
phpBB viewtopic.php URL Decoding Code Execution (CVE-2004-1315)
2012-08-20 00:00:00
phpBB viewtopic.php URL Decoding Code Execution - ver 2 (CVE-2004-1315)
2014-03-04 00:00:00
PhpBB viewtopic.php URL Decoding Code Execution - Ver2 (CVE-2004-1315)
2014-04-16 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200411-32 (phpBB)
2008-09-24 00:00:00
FreeBSD Ports: phpbb
2008-09-04 00:00:00
gentoo
gentoo
phpBB: Remote command execution
2004-11-24 00:00:00
exploitpack
exploitpack
PHP-Nuke 7.08.18.1.35 - Wormable Remote Code Execution
2010-05-05 00:00:00
freebsd
freebsd
phpbb -- arbitrary command execution and other vulnerabilities
2004-11-18 00:00:00
exploitdb
exploitdb
PHP-Nuke 7.0/8.1/8.1.35 - Wormable Remote Code Execution
2010-05-05 00:00:00

7.2 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.963 High

EPSS

Percentile

99.5%

JSON
Related for CVE-2004-1315
seebug3packetstorm3nessus4checkpoint_advisories4openvas2gentoo1exploitpack1freebsd1exploitdb1