CVE-2003-0770 Information

Description

FUNC.pm in IkonBoard 3.1.2a and earlier including 3.1.1 does not properly cleanse the \lang\ cookie when it contains illegal characters which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl \eval\ statement.

Reference

http://marc.info/?l=bugtraq&m=106381136115972&w=2 http://www.securityfocus.com/archive/1/317234 http://www.securityfocus.com/archive/1/336598