FUNC.pm in IkonBoard 3.1.2a and previous versions, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote malicious users to execute arbitrary code when the cookie is inserted into a Perl "eval" statement.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ikonboard.com ikonboard 3.1.1 |
||
ikonboard.com ikonboard 3.1.2a |