CVE-2003-0770 - Remote Security vulnerability in Ikonboard 3.1.1/3.1.2A
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Exploit-Db
description | IkonBoard 3.1 Lang Cookie Arbitrary Command Execution Vulnerability (2). CVE-2003-0770. Webapps exploit for cgi platform |
id | EDB-ID:22500 |
last seen | 2016-02-02 |
modified | 2003-05-05 |
published | 2003-05-05 |
reporter | snooq |
source | https://www.exploit-db.com/download/22500/ |
title | IkonBoard 3.1 Lang Cookie Arbitrary Command Execution Vulnerability 2 |

description | IkonBoard 3.1 Lang Cookie Arbitrary Command Execution Vulnerability (1). CVE-2003-0770. Webapps exploit for cgi platform |
id | EDB-ID:22499 |
last seen | 2016-02-02 |
modified | 2003-04-15 |
published | 2003-04-15 |
reporter | Nick Cleaton |
source | https://www.exploit-db.com/download/22499/ |
title | IkonBoard 3.1 Lang Cookie Arbitrary Command Execution Vulnerability 1 |
Nessus
NASL family | CGI abuses |
NASL id | IKONBOARD_CMD_EXEC.NASL |
description | The remote server is running IkonBoard, a forum management CGI. The installed version fails to properly sanitize the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11605 |
published | 2003-05-08 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11605 |
title | Ikonboard FUNC.pm lang Cookie Arbitrary Command Execution |