Arbitrary Code Execution via Improper Cleansing of lang Cookie in IkonBoard 3.1.2a and Earlier
CVE-2003-0770 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement.
Learn more about our Web Application Penetration Testing UK.