Vulnerabilities > CVE-2003-1252 - Unspecified vulnerability in Kelli Shaver S8Forum 3.0

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
kelli-shaver
exploit available
NVD
Published: 2003-12-31
Updated: 2024-11-20

Summary

register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using a "system($cmd)" E-mail address with a "any_name.php" username.

Vulnerable Configurations

Part Description Count
Application
Kelli_Shaver
1

Exploit-Db

descriptionS8Forum 3.0 Remote Command Execution Vulnerability. CVE-2003-1252 . Webapps exploit for php platform
idEDB-ID:22134
last seen2016-02-02
modified2003-01-06
published2003-01-06
reporternmsh_sa
sourcehttps://www.exploit-db.com/download/22134/
titleS8Forum 3.0 - Remote Command Execution Vulnerability

References