CyberSec.Space Logo
Back to CVE Browser

CVE-2003-0770

HIGH
7.5
CVSS Severity Score
EPSS Score0.1260%
EPSS Percentile20.03th
PublishedSep 22, 2003
Last ModifiedApr 16, 2026

Vulnerability Description

FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement.

Affected Platforms (CPE)

πŸ“¦
Ikonboard.com

Ikonboard

= 3.1.1
πŸ“¦
Ikonboard.com

Ikonboard

= 3.1.2a

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=106381136115972&w=2
πŸ”— http://www.securityfocus.com/archive/1/317234
πŸ”— http://www.securityfocus.com/archive/1/336598
πŸ”— http://marc.info/?l=bugtraq&m=106381136115972&w=2
πŸ”— http://www.securityfocus.com/archive/1/317234
πŸ”— http://www.securityfocus.com/archive/1/336598

Related Vulnerabilities

CVE-2001-007610.0

register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers to execute arbitrary commands via the SEND_MAIL parameter, wh...

CVE-2001-08417.5

Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain...

CVE-2002-03287.5

Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote attackers to execute arbitrary script as other Ikonboard users...

CVE-2004-14067.5

SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 through 3.1.3 allows remote attackers to inject arbitrary SQL comm...