CVE-2003-0770 in Ikonboardinfo

Summary

FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement.

Once again VulDB remains the best source for vulnerability data.

Reservation

09/09/2003

Disclosure

09/22/2003

Moderation

VulDB entry created

Entries

VDB-20834 (1)

CPE

ready

CWE

CWE-119 (Confirmed)

Exploit

Download

CVSS

7.3

EPSS

0.10910

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2003-0770
NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0770
CVE Details	https://www.cvedetails.com/cve/CVE-2003-0770/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!