What is CVE-2004-1315?

CVE-2004-1315 is a vulnerability in N/a. Published 2004-12-31.

Is CVE-2004-1315 known to be exploited?

32 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2004-1315

viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so t…

EPSS: 0.859 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

10701 (vdb-entry, x_refsource_BID)
GLSA-200411-32 (vendor-advisory, x_refsource_GENTOO)
20041220 phpBB Worm (mailing-list, x_refsource_BUGTRAQ)
phpbb-view-sql-injection(18052) (vdb-entry, x_refsource_XF)
www.phpbb.com/phpBB/viewtopic.php (x_refsource_CONFIRM)
VU#497400 (x_refsource_CERT-VN, third-party-advisory)
TA04-356A (x_refsource_CERT, third-party-advisory)
13239 (x_refsource_SECUNIA, third-party-advisory)
20041118 EXEC exploit in phpBB - fix (mailing-list, x_refsource_BUGTRAQ)
20041222 Re: phpBB Worm (mailing-list, x_refsource_BUGTRAQ)

Frequently asked questions

What is CVE-2004-1315?: CVE-2004-1315 is a vulnerability in N/a. Published 2004-12-31.
Is CVE-2004-1315 known to be exploited?: 32 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.