Description
FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Nick Cleaton · perl · webapps · cgi
https://www.exploit-db.com/exploits/22499
Scores
EPSS: 0.1091
EPSS Percentile: 93.4%
Details
Status: published
Products (2)
ikonboard.com/ikonboard 3.1.1
ikonboard.com/ikonboard 3.1.2a
Published: Sep 22, 2003
Tracked Since: Feb 18, 2026