CVE-2004-1315

viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.phpbb.com/phpBB/viewtopic.php?t=240513	Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA04-356A.html	Patch Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/497400	Patch Third Party Advisory US Government Resource
http://secunia.com/advisories/13239/	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/385208
http://www.securityfocus.com/bid/10701
http://marc.info/?l=bugtraq&m=110365752909029&w=2
http://marc.info/?t=110079440800004&r=1&w=2
http://marc.info/?l=bugtraq&m=110029415208724&w=2
https://security.gentoo.org/glsa/200411-32
https://exchange.xforce.ibmcloud.com/vulnerabilities/18052

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:phpbb_group:phpbb:1.2.0:::::::*
	cpe:2.3:a:phpbb_group:phpbb:1.2.1:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.10:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.2:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.3:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.7a:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.8:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:::::::*
	cpe:2.3:a:phpbb_group:phpbb::::::::
	cpe:2.3:a:phpbb_group:phpbb:1.4.2:::::::*
	cpe:2.3:a:phpbb_group:phpbb:1.4.4:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.5:::::::*
	cpe:2.3:a:phpbb_group:phpbb:1.4.1:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.1:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.4:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.9:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.7:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.8a:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.6d:::::::*
	cpe:2.3:a:phpbb_group:phpbb:1.0.0:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.6c:::::::*
	cpe:2.3:a:phpbb_group:phpbb:1.4.0:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.6:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0.0:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:::::::*
	cpe:2.3:a:phpbb_group:phpbb:1.0.1:::::::*
	cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:::::::*

Information

Published : 2004-11-11 21:00

Updated : 2017-07-10 18:30

NVD link : CVE-2004-1315

Mitre link : CVE-2004-1315

JSON object : View

CWE

NVD-CWE-Other

Products Affected

phpbb_group

phpbb

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.phpbb.com/phpBB/viewtopic.php?t=240513", "name": "http://www.phpbb.com/phpBB/viewtopic.php?t=240513", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA04-356A.html", "name": "TA04-356A", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "refsource": "CERT"}, {"url": "http://www.kb.cert.org/vuls/id/497400", "name": "VU#497400", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://secunia.com/advisories/13239/", "name": "13239", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/archive/1/385208", "name": "20041222 Re: phpBB Worm", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/bid/10701", "name": "10701", "tags": [], "refsource": "BID"}, {"url": "http://marc.info/?l=bugtraq&m=110365752909029&w=2", "name": "20041220 phpBB Worm", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?t=110079440800004&r=1&w=2", "name": "20041118 EXEC exploit in phpBB - fix", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=110029415208724&w=2", "name": "20041112 phpBB Code EXEC (v2.0.10)", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://security.gentoo.org/glsa/200411-32", "name": "GLSA-200411-32", "tags": [], "refsource": "GENTOO"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18052", "name": "phpbb-view-sql-injection(18052)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-1315", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2004-11-12T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:1.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:1.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:1.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:30Z"}

7.5 /10