VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis



 
Vulnerability Analysis Result (Revision No : 1)
CVE-2010-2099
e107: bbcode/php.bb in e107 0.7.20 and earlier does not p...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2099

Original

bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method.






About This Analysis Information
Analysis Information Provider: NIST NVD
First Published: 2010-05-27
Source Information Category: Advisory, Alert
Last Updated: 2010-05-28




Affected Product Tags
cpe:/a:e107:e107:0.545
cpe:/a:e107:e107:0.547:beta
cpe:/a:e107:e107:0.548:beta
cpe:/a:e107:e107:0.549:beta
cpe:/a:e107:e107:0.551:beta
cpe:/a:e107:e107:0.552:beta
cpe:/a:e107:e107:0.553:beta
cpe:/a:e107:e107:0.554
cpe:/a:e107:e107:0.554:beta
cpe:/a:e107:e107:0.555:beta
cpe:/a:e107:e107:0.600
cpe:/a:e107:e107:0.601
cpe:/a:e107:e107:0.602
cpe:/a:e107:e107:0.603
cpe:/a:e107:e107:0.604
cpe:/a:e107:e107:0.605
cpe:/a:e107:e107:0.606
cpe:/a:e107:e107:0.607
cpe:/a:e107:e107:0.608
cpe:/a:e107:e107:0.609
cpe:/a:e107:e107:0.610
cpe:/a:e107:e107:0.611
cpe:/a:e107:e107:0.612
cpe:/a:e107:e107:0.613
cpe:/a:e107:e107:0.614
cpe:/a:e107:e107:0.615
cpe:/a:e107:e107:0.615a
cpe:/a:e107:e107:0.616
cpe:/a:e107:e107:0.617
cpe:/a:e107:e107:0.6171
cpe:/a:e107:e107:0.6172
cpe:/a:e107:e107:0.6173
cpe:/a:e107:e107:0.6174
cpe:/a:e107:e107:0.6175
cpe:/a:e107:e107:0.6_10
cpe:/a:e107:e107:0.6_11
cpe:/a:e107:e107:0.6_12
cpe:/a:e107:e107:0.6_13
cpe:/a:e107:e107:0.6_14
cpe:/a:e107:e107:0.6_15
cpe:/a:e107:e107:0.6_15a
cpe:/a:e107:e107:0.7
cpe:/a:e107:e107:0.7.0
cpe:/a:e107:e107:0.7.1
cpe:/a:e107:e107:0.7.10
cpe:/a:e107:e107:0.7.11
cpe:/a:e107:e107:0.7.12
cpe:/a:e107:e107:0.7.13
cpe:/a:e107:e107:0.7.14
cpe:/a:e107:e107:0.7.15
cpe:/a:e107:e107:0.7.16
cpe:/a:e107:e107:0.7.17
cpe:/a:e107:e107:0.7.18
cpe:/a:e107:e107:0.7.19
cpe:/a:e107:e107:0.7.2
cpe:/a:e107:e107:0.7.20 and previous versions
cpe:/a:e107:e107:0.7.3
cpe:/a:e107:e107:0.7.4
cpe:/a:e107:e107:0.7.5
cpe:/a:e107:e107:0.7.6
cpe:/a:e107:e107:0.7.7
cpe:/a:e107:e107:0.7.8
cpe:/a:e107:e107:0.7.9
 


Vulnerability Analysis Results
[Access Vector] Network
[Access Complexity] Low
[Authentication] None
[Confidentiality Impact] Partial
[Integrity Impact] Partial
[Availability Impact] Partial

Alternatives




References
BID 40252




MISC http://php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-execution-vulnerability/index.html




Vulnerability Type: Permissions, Privileges, and Access Control (CWE-264)





Copyright © 2010 JPCERT/CC All Rights Reserved.