Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1315 — Double Decoding of the Same Data in Group Phpbb

CWE-174 — Double Decoding of the Same Data CWE-172 — Encoding Error11 documents7 sources

Severity

7.5HIGHNVD

EPSS

85.9%

top 0.61%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpbb Group Phpbb

Timeline

PublishedNov 12

Latest updateApr 29

Description

viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDphpbb_group/phpbb28 versions+27

Patches

Patch: secunia.com ↗Patch: www.kb.cert.org ↗Patch: www.us-cert.gov ↗

🔴Vulnerability Details

GHSA

GHSA-x5j2-7752-gm38: viewtopic↗2022-04-29

▶

VulnCheck

phpBB 2.x before 2.0.11viewtopic.php Arbitrary PHP Code Execution↗2004

▶

💥Exploits & PoCs

Exploit-DB

phpBB - 'viewtopic.php' Arbitrary Code Execution (Metasploit)↗2010-07-03

▶

Exploit-DB

PHP-Nuke 7.0/8.1/8.1.35 - Wormable Remote Code Execution↗2010-05-05

▶

Exploit-DB

phpBB 2.0.10 - Remote Command Execution↗2004-11-22

▶

Exploit-DB

phpBB 2.0.x - 'viewtopic.php' PHP Script Injection↗2004-07-12

▶

Metasploit

phpBB viewtopic.php Arbitrary Code Execution↗

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS WEB-PHP RCE PHPBB 2004-1315↗2015-07-07

▶

📐Framework References

CWE

Double Decoding of the Same Data↗

▶

CWE

Encoding Error↗

▶