CVE-2010-2099
Published 2010-05-27
CVE-2010-2099: bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote…
Priority: P2 · 70 · high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploited in the wild (ITW exploit; listed in VulnCheck KEV)
EPSS: 4.87% (90.9th percentile)
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method.
Affected
62 ranges listed (25 shown on the page; only the first carries version data, the rest are empty)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| e107 | e107 | <= 0.7.20 | — |
Detection & IOCs (extracted from sources)
- Monitor POST requests to contact.php containing URL-encoded [php] BBcode tags in the author_name parameter (e.g., %5Bphp%5D...%5B%2Fphp%5D), which is the attack vector for arbitrary PHP code execution.
- Detect POST requests with the parameter send-contactus=1 combined with BBcode php tags in any user-supplied field, as the vulnerability stems from missing access control on php bbcode tag processing across all inputs.
- Flag invocations of the toHTML method triggered via the toEmail method in contact.php, as this is the specific code path exploited to achieve PHP code execution.
- The exploit targets e107 version 0.7.20 and earlier; versions beyond this are not confirmed vulnerable by the source.
CVSS provenance
- NVD (CVSS v2.0): 7.5 HIGH, vector AV:N/AC:L/Au:N/C:P/I:P/A:P
- VulnCheck: 7.5 HIGH
GHSA
GHSA-v96j-6mvx-676w: bbcode/php [HIGH]
ghsa_unreviewed · 2022-05-17
VulnCheck
e107 bbcode/php.bb Arbitrary Code Execution Vulnerability [HIGH]
vulncheck · 2010 · CVSS 7.5
Affected: e107 e107
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://isc.sans.edu/diary/Casper+the+unfriendly+ghost/9430/
No detection rules found.
No writeups or analysis indexed.