7.5
CVE-2004-1315
- EPSS 85.91%
- Published 12.11.2004 05:00:00
- Last modified 03.04.2025 01:03:51
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.
Data is provided by the National Vulnerability Database (NVD)
Phpbb Group ≫ Phpbb Version1.0.0
Phpbb Group ≫ Phpbb Version1.0.1
Phpbb Group ≫ Phpbb Version1.2.0
Phpbb Group ≫ Phpbb Version1.2.1
Phpbb Group ≫ Phpbb Version1.4.0
Phpbb Group ≫ Phpbb Version1.4.1
Phpbb Group ≫ Phpbb Version1.4.2
Phpbb Group ≫ Phpbb Version1.4.4
Phpbb Group ≫ Phpbb Version2.0.0
Phpbb Group ≫ Phpbb Version2.0.1
Phpbb Group ≫ Phpbb Version2.0.2
Phpbb Group ≫ Phpbb Version2.0.3
Phpbb Group ≫ Phpbb Version2.0.4
Phpbb Group ≫ Phpbb Version2.0.5
Phpbb Group ≫ Phpbb Version2.0.6
Phpbb Group ≫ Phpbb Version2.0.6c
Phpbb Group ≫ Phpbb Version2.0.6d
Phpbb Group ≫ Phpbb Version2.0.7
Phpbb Group ≫ Phpbb Version2.0.7a
Phpbb Group ≫ Phpbb Version2.0.8
Phpbb Group ≫ Phpbb Version2.0.8a
Phpbb Group ≫ Phpbb Version2.0.9
Phpbb Group ≫ Phpbb Version2.0.10
Phpbb Group ≫ Phpbb Version2.0_beta1
Phpbb Group ≫ Phpbb Version2.0_rc1
Phpbb Group ≫ Phpbb Version2.0_rc2
Phpbb Group ≫ Phpbb Version2.0_rc3
Phpbb Group ≫ Phpbb Version2.0_rc4
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 85.91% | 0.993 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|