Vulnerabilities > CVE-2003-1252 - Remote Command Execution vulnerability in Kelli Shaver S8Forum 3.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using a "system($cmd)" E-mail address with a "any_name.php" username.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | S8Forum 3.0 Remote Command Execution Vulnerability. CVE-2003-1252 . Webapps exploit for php platform |
| id | EDB-ID:22134 |
| last seen | 2016-02-02 |
| modified | 2003-01-06 |
| published | 2003-01-06 |
| reporter | nmsh_sa |
| source | https://www.exploit-db.com/download/22134/ |
| title | S8Forum 3.0 - Remote Command Execution Vulnerability |