Back to search
CVE-2003-1252
Published: Nov 16, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using a "system($cmd)" E-mail address with a "any_name.php" username.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
7819
third-party-advisory
x_refsource_SECUNIA
1005881
vdb-entry
x_refsource_SECTRACK
6547
vdb-entry
x_refsource_BID
20030105 A security vulnerability in S8Forum
mailing-list
x_refsource_BUGTRAQ
s8forum-register-command-execution(10974)
vdb-entry
x_refsource_XF
20030105 A security vulnerability in S8Forum
mailing-list
x_refsource_VULNWATCH
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now