CVE-2003-0770

{"id": "CVE-2003-0770", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2003-09-22T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=106381136115972&w=2", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/317234", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/336598", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=106381136115972&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/317234", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/336598", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the \"lang\" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl \"eval\" statement."}, {"lang": "es", "value": "FUNC.pm en IkonBoard 3.1.2a y anteriores, incluyendo 3.1.1, no limpia adecuadamente la galletita (cookie) \"lang\" cuando contiene caract\u00e9res ilegales, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario cuando la galletita se inserta en una sentencia Perl \"eval\"."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ikonboard.com:ikonboard:3.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3739756D-B9B0-48B6-8C45-FE9A36D203B0"}, {"criteria": "cpe:2.3:a:ikonboard.com:ikonboard:3.1.2a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCAB8510-C73D-4EFF-A657-F678F3D1C696"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}