Vulnerabilities > CVE-2003-0770 - Remote Security vulnerability in Ikonboard 3.1.1/3.1.2A

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
ikonboard-com
nessus
exploit available

Summary

FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement.

Vulnerable Configurations

Part Description Count
Application
Ikonboard.Com
2

Exploit-Db

  • descriptionIkonBoard 3.1 Lang Cookie Arbitrary Command Execution Vulnerability (2). CVE-2003-0770. Webapps exploit for cgi platform
    idEDB-ID:22500
    last seen2016-02-02
    modified2003-05-05
    published2003-05-05
    reportersnooq
    sourcehttps://www.exploit-db.com/download/22500/
    titleIkonBoard 3.1 Lang Cookie Arbitrary Command Execution Vulnerability 2
  • descriptionIkonBoard 3.1 Lang Cookie Arbitrary Command Execution Vulnerability (1). CVE-2003-0770. Webapps exploit for cgi platform
    idEDB-ID:22499
    last seen2016-02-02
    modified2003-04-15
    published2003-04-15
    reporterNick Cleaton
    sourcehttps://www.exploit-db.com/download/22499/
    titleIkonBoard 3.1 Lang Cookie Arbitrary Command Execution Vulnerability 1

Nessus

NASL familyCGI abuses
NASL idIKONBOARD_CMD_EXEC.NASL
descriptionThe remote server is running IkonBoard, a forum management CGI. The installed version fails to properly sanitize the
last seen2020-06-01
modified2020-06-02
plugin id11605
published2003-05-08
reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/11605
titleIkonboard FUNC.pm lang Cookie Arbitrary Command Execution