Vulnerability CVE-2009-0517


Published: 2009-02-10   Modified: 2012-02-13

Description:
Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information.

See advisories in our WLB2 database:
Risk: High
Topic: phpslash <= 0.8.1.1 Remote Code Execution
Author: gmdarkfig
Date: 12.02.2009

Type: CWE-94 (Improper Control of Generation of Code ('Code Injection'))

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software: Phpslash -> Phpslash

References:
http://www.securityfocus.com/archive/1/500664/100/0/threaded
http://www.securityfocus.com/bid/33572
https://exchange.xforce.ibmcloud.com/vulnerabilities/48441
https://www.exploit-db.com/exploits/7948

Copyright 2024, cxsecurity.com

 
