Arbitrary Code Execution via Improper Cleansing of lang Cookie in IkonBoard 3.1.2a and Earlier

Arbitrary Code Execution via Improper Cleansing of lang Cookie in IkonBoard 3.1.2a and Earlier

CVE-2003-0770 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement.

Learn more about our Web Application Penetration Testing UK.