CVE Vulnerabilities

CVE-2003-0770

Published: Sep 22, 2003 | Modified: Oct 18, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the lang cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl eval statement.

Affected Software

Name Vendor Start Version End Version
Ikonboard Ikonboard.com 3.1.1 3.1.1
Ikonboard Ikonboard.com 3.1.2a 3.1.2a

References