ID |
CVE-2003-0770
|
Summary |
FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 7.5 (as of 18-10-2016 - 02:37) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication
NETWORK | LOW | NONE
|
Impact |
Confidentiality | Integrity | Availability
PARTIAL | PARTIAL | PARTIAL
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bugtraq | - 20030401 IkonBoard v3.1.1: arbitrary command execution
- 20030908 IkonBoard 3.1.2a arbitrary command execution
- 20030917 Exploit: IkonBoard 3.1.1/3.1.2a arbitrary command execution
|
|
Last major update |
18-10-2016 - 02:37 |
Published |
22-09-2003 - 04:00 |
Last modified |
18-10-2016 - 02:37 |