Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-2099 | First vendor Publication | 2010-05-27 |
Vendor | Cve | Last vendor Modification | 2010-05-28 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2099 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-05-25 | Name : e107 BBCode Arbitrary PHP Code Execution Vulnerability File : nvt/gb_e107_40252.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
65243 | e107 bbcode/php.bb Access Control Check Weakness Arbitrary PHP Code Execution |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-05-21 | Name : The remote web server contains a PHP script that allows arbitrary code execut... File : e107_bbcode_php_code_execution.nasl - Type : ACT_ATTACK |
Sources (Detail)
Source | Url |
---|---|
BID | http://www.securityfocus.com/bid/40252 |
MISC | http://php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-... |
Alert History
Date | Informations |
---|---|
2021-05-04 12:11:37 |
|
2021-04-22 01:12:14 |
|
2020-05-23 01:42:09 |
|
2020-05-23 00:25:53 |
|
2016-06-29 00:13:19 |
|
2016-04-26 19:51:42 |
|
2014-02-17 10:55:44 |
|
2013-05-10 23:26:09 |
|