CVE-2004-1315

N/A Unknown
Published: November 12, 2004 Modified: April 16, 2026

Description

viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.

References to Advisories, Solutions, and Tools

http://secunia.com/advisories/13239/
Source: cve@mitre.org
Tags: Patch, Vendor Advisory

http://www.kb.cert.org/vuls/id/497400
Source: cve@mitre.org
Tags: Patch, Third Party Advisory, US Government Resource

http://www.phpbb.com/phpBB/viewtopic.php?t=240513
Source: cve@mitre.org
Tags: Vendor Advisory

http://www.us-cert.gov/cas/techalerts/TA04-356A.html
Source: cve@mitre.org
Tags: Patch, Third Party Advisory, US Government Resource

http://marc.info/?l=bugtraq&m=110029415208724&w=2
Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=110365752909029&w=2
Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?t=110079440800004&r=1&w=2
Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/13239/
Source: af854a3a-2127-422b-91ae-364da2661108
Tags: Patch, Vendor Advisory

http://www.kb.cert.org/vuls/id/497400
Source: af854a3a-2127-422b-91ae-364da2661108
Tags: Patch, Third Party Advisory, US Government Resource

http://www.phpbb.com/phpBB/viewtopic.php?t=240513
Source: af854a3a-2127-422b-91ae-364da2661108
Tags: Vendor Advisory

http://www.securityfocus.com/archive/1/385208
Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/10701
Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA04-356A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Tags: Patch, Third Party Advisory, US Government Resource

https://exchange.xforce.ibmcloud.com/vulnerabilities/18052
Source: af854a3a-2127-422b-91ae-364da2661108

https://security.gentoo.org/glsa/200411-32
Source: af854a3a-2127-422b-91ae-364da2661108

22 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
85.9%
99th percentile
Exploitation Status
Not in CISA KEV

Affected Vendors

phpbb_group