vendor:
NoBoard (BETA)
by:
FiSh
7.5
CVSS
HIGH
Remote Code Execution
Unknown
CWE
Product Name: NoBoard (BETA)
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
MKPortal NoBoard (BETA)
The MKPortal NoBoard (BETA) script is vulnerable to remote code execution. An attacker can exploit this vulnerability by sending a specially crafted request to the user.php file, which allows them to execute arbitrary code on the server. This vulnerability was discovered by FiSh.
Mitigation:
It is recommended to update to a patched version of the MKPortal NoBoard script. Additionally, proper input validation should be implemented to prevent remote code execution vulnerabilities.