CVE-2003-0395 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Myupb	Ultimate Php Board	1.9

Related Weaknesses (CWE)

CWE-94

References

http://f0kp.iplus.ru/bz/024.en.txtBroken Link
http://marc.info/?l=bugtraq&m=105379741528925&w=2Third Party Advisory
http://f0kp.iplus.ru/bz/024.en.txtBroken Link
http://marc.info/?l=bugtraq&m=105379741528925&w=2Third Party Advisory

FAQ

What is CVE-2003-0395?

CVE-2003-0395 is a vulnerability with a CVSS score of 7.5 (HIGH). Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed...

How severe is CVE-2003-0395?

CVE-2003-0395 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2003-0395?

Check the references section above for vendor advisories and patch information. Affected products include: Myupb Ultimate Php Board.