Published: 22/09/2003 Updated: 18/10/2016

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

FUNC.pm in IkonBoard 3.1.2a and previous versions, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote malicious users to execute arbitrary code when the cookie is inserted into a Perl "eval" statement.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ikonboard.com ikonboard 3.1.1
ikonboard.com ikonboard 3.1.2a

source: wwwsecurityfocuscom/bid/7361/info It has been reported that IkonBoard is prone to an arbitrary command execution vulnerability The vulnerability is due to insufficient sanitization performed on user supplied cookie data An attacker may exploit this issue to execute arbitrary commands in the security context of the web server ...

source: wwwsecurityfocuscom/bid/7361/info It has been reported that IkonBoard is prone to an arbitrary command execution vulnerability The vulnerability is due to insufficient sanitization performed on user supplied cookie data An attacker may exploit this issue to execute arbitrary commands in the security context of the web server ho ...

NVD-CWE-Other http://www.securityfocus.com/archive/1/317234 http://www.securityfocus.com/archive/1/336598 http://marc.info/?l=bugtraq&m=106381136115972&w=2 https://nvd.nist.gov https://www.exploit-db.com/exploits/22500/

CVE-2003-0770

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect