Unrated severityNVD Advisory· Published Nov 12, 2004· Updated Jun 16, 2026
CVE-2004-1315
CVE-2004-1315
Description
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
30cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*+ 29 more
- cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.6c:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.6d:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.7a:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.8a:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0_beta1:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*
- (no CPE)range: <2.0.11
Patches
Vulnerability mechanics
References
11- secunia.com/advisories/13239/nvdPatchVendor Advisory
- www.kb.cert.org/vuls/id/497400nvdPatchThird Party AdvisoryUS Government Resource
- www.us-cert.gov/cas/techalerts/TA04-356A.htmlnvdPatchThird Party AdvisoryUS Government Resource
- www.phpbb.com/phpBB/viewtopic.phpnvdVendor Advisory
- marc.infonvd
- marc.infonvd
- marc.infonvd
- www.securityfocus.com/archive/1/385208nvd
- www.securityfocus.com/bid/10701nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/18052nvd
- security.gentoo.org/glsa/200411-32nvd
News mentions
0No linked articles in our index yet.