Strix
26.1K

CVE-2010-2099

UnknownEPSS 4.87%

Last modified

CVE-2010-2099 is a vulnerability of currently unknown severity. bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method.. EPSS estimates a 4.87% chance of exploitation in the next 30 days.

Description

bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method.

Metrics

EPSS Probability
4.87%

90.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
E107E107<= 0.7.20
E107E1070.6_10
E107E1070.6_11
E107E1070.6_12
E107E1070.6_13
E107E1070.6_14
E107E1070.6_15
E107E1070.6_15a
E107E1070.7
E107E1070.7.0
E107E1070.7.1
E107E1070.7.2
E107E1070.7.3
E107E1070.7.4
E107E1070.7.5
E107E1070.7.6
E107E1070.7.7
E107E1070.7.8
E107E1070.7.9
E107E1070.7.10
E107E1070.7.11
E107E1070.7.12
E107E1070.7.13
E107E1070.7.14
E107E1070.7.15
E107E1070.7.16
E107E1070.7.17
E107E1070.7.18
E107E1070.7.19
E107E1070.545
E107E1070.547Beta
E107E1070.548Beta
E107E1070.549Beta
E107E1070.551Beta
E107E1070.552Beta
E107E1070.553Beta
E107E1070.554
E107E1070.555Beta
E107E1070.600
E107E1070.601
E107E1070.602
E107E1070.603
E107E1070.604
E107E1070.605
E107E1070.606
E107E1070.607
E107E1070.608
E107E1070.609
E107E1070.610
E107E1070.611

Showing 50 of 62 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2010-2099?
bbcode/php.bb in e107 0.7.20 and earlier does not perform access control checks for all inputs that could contain the php bbcode tag, which allows remote attackers to execute arbitrary PHP code, as demonstrated using the toEmail method in contact.php, related to invocations of the toHTML method.
How severe is CVE-2010-2099?
Severity scoring for CVE-2010-2099 is pending analysis. The EPSS model estimates a 4.87% probability of exploitation in the next 30 days.
How do I fix CVE-2010-2099?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-2099?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST