← back
CVE-2010-2099

CVE-2010-2099

EPSS 4.9%
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/12715unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://php-security.org/2010/05/19/mops-2010-035-e107-bbcode-remote-php-code-execution-vulnerability/index.htmlhttp://www.securityfocus.com/bid/40252