Description
FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement.
References
- Exploit, Patch, Vendor Advisory
- Exploit, Patch, Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:ikonboard.com:ikonboard:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:ikonboard.com:ikonboard:3.1.2a:*:*:*:*:*:*:*
EPSS
Percentile: 93%
0.1091
Medium
7.5 High
CVSS2
Weaknesses
NVD-CWE-Other
Related vulnerabilities
github
more than 3 years ago
FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement.
EPSS
Percentile: 93%
0.1091
Medium
7.5 High
CVSS2
Weaknesses
NVD-CWE-Other