PT-2001-2009 · Ikonboard · Ikonboard

Published

2001-11-22

Updated

2016-10-18

CVE-2001-0841

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Ikonboard versions prior to ib220

Description A directory traversal issue exists, allowing remote attackers to overwrite files and gain privileges. This is achieved by using .. (dot dot) sequences in the amembernamecookie cookie.

Recommendations For versions prior to ib220, update to a version later than ib220 to resolve the issue. As a temporary workaround, consider restricting access to the Search.cgi script until a patch is available. Avoid using the amembernamecookie cookie in the affected Search.cgi script until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0841

Affected Products

Ikonboard

PT-2001-2009 · Ikonboard · Ikonboard

CVE-2001-0841

Related Identifiers

Affected Products

References · 5