CVE-2010-2099
published 2010-05-27


Priority: P2 · 70 · high
CVSS 2.0 base score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploited in the wild: yes (ITW exploit, VulnCheck KEV)
EPSS: 4.87% (90.9th percentile)
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method. In other words, the bbcode parser honours a [php] tag in content submitted by an unauthenticated visitor, and contact.php feeds that content through toHTML before it is mailed.

Affected

62 ranges · showing 25

Vendor | Product | Version range | Fixed in
e107   | e107    | <= 0.7.20     | (none listed)

The remaining 24 rows shown on the page list only vendor e107 / product e107, with no version range and no fix version.

Detection & IOCs · extracted from sources

path: bbcode/php.bb
path: contact.php
command (PoC POST body): send-contactus=1&author_name=%5Bphp%5D$load%3Bdie%28%29%3B%5B%2Fphp%5D
  • Monitor POST requests to contact.php containing URL-encoded [php] BBcode tags in the author_name parameter (e.g., %5Bphp%5D...%5B%2Fphp%5D); this is the attack vector for arbitrary PHP code execution. Decode the body before matching, since the tag can be hidden behind a second layer of percent-encoding or mixed case.
  • Detect POST requests with the parameter send-contactus=1 combined with BBcode php tags in any user-supplied field, as the vulnerability stems from missing access control on php bbcode tag processing across all inputs, not just author_name.
  • Flag invocations of the toHTML method triggered via the toEmail method in contact.php, as this is the specific code path exploited to achieve PHP code execution. This is an application-level check (code review or PHP-side logging), not something visible in web server access logs.
  • The exploit targets e107 version 0.7.20 and earlier; later versions are not confirmed vulnerable by the source.
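The two request-level indicators above, as an added example that is not part of the original page and not e107 code: a small detector that URL-decodes a POST body (including a second encoding layer), looks for the [php] bbcode tag in every field, and rates a hit higher when it arrives through contact.php with send-contactus=1. The sample requests are constructed; the first body is the PoC parameter string listed above. The function and field names are this example's own.

```python
# Added example for this page: a detector for the request pattern described
# above (CVE-2010-2099, e107 <= 0.7.20). Not e107 code, not a vendor signature.
import re
from urllib.parse import parse_qsl, unquote

# Match the php bbcode tag leniently: any case, optional whitespace inside the
# brackets. Assumption: e107 only recognises the exact "[php]...[/php]" form;
# the looser pattern costs at most a few false positives.
PHP_OPEN = re.compile(r"\[\s*php\s*\]", re.IGNORECASE)
PHP_CLOSE = re.compile(r"\[\s*/\s*php\s*\]", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Strip extra layers of percent-encoding.

    parse_qsl() already removes one layer. A double-encoded payload
    (%255B for '[') survives that and would hide the tag from a naive
    substring match, so keep decoding until the value stops changing.
    """
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(method, path, body):
    """Return a finding dict if the request carries a [php] bbcode tag, else None.

    "high": POST to contact.php with send-contactus=1, the code path the
    advisory names. "medium": the tag appears in any other POST field, which
    the advisory says is equally unprotected.
    """
    if method.upper() != "POST":
        return None
    fields = [(name, fully_decode(val))
              for name, val in parse_qsl(body, keep_blank_values=True)]
    tagged = [name for name, val in fields if PHP_OPEN.search(val)]
    if not tagged:
        return None
    form = dict(fields)
    script = path.split("?", 1)[0].rsplit("/", 1)[-1]
    contact_submit = script == "contact.php" and form.get("send-contactus") == "1"
    return {
        "severity": "high" if contact_submit else "medium",
        "path": path,
        "fields": tagged,
        # a closing tag means the full [php]...[/php] block was submitted
        "closed": any(PHP_CLOSE.search(val) for _, val in fields),
    }


def scan(requests):
    """Run inspect_request over (method, path, body) tuples, keep the hits."""
    findings = []
    for method, path, body in requests:
        finding = inspect_request(method, path, body)
        if finding:
            findings.append(finding)
    return findings


# Constructed samples (not captured traffic). The first body is the PoC
# parameter string listed on this page.
SAMPLES = [
    ("POST", "/contact.php",
     "send-contactus=1&author_name=%5Bphp%5D$load%3Bdie%28%29%3B%5B%2Fphp%5D"),
    # same attack, double URL-encoded and moved to another form field
    ("POST", "/e107/contact.php",
     "send-contactus=1&email_send=%255Bphp%255Decho%2520phpversion%28%29%3B%255B%2Fphp%255D"),
    # tag sent to a different script without send-contactus: still suspicious
    ("POST", "/index.php", "comment=%5BPHP%5Dphpinfo%28%29%3B"),
    # ordinary bbcode is not the php tag
    ("POST", "/contact.php",
     "send-contactus=1&author_name=Alice&email_body=Hi%2C+I+love+%5Bb%5Dbold%5B%2Fb%5D"),
    # GET is not the vector described on this page
    ("GET", "/contact.php?author_name=%5Bphp%5D", ""),
]

if __name__ == "__main__":
    for f in scan(SAMPLES):
        print(f"{f['severity']:<6} {f['path']} fields={f['fields']} closed={f['closed']}")
```

The detector is scoped to POST bodies because that is the vector the source describes; widening it to query strings is a one-line change in inspect_request. Access logs normally do not contain POST bodies, so feed it WAF or reverse-proxy audit records that do.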

CVSS provenance

NVD: CVSS v2.0 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P
VulnCheck: 7.5 HIGH