CVE-2008-5071

UNKNOWN

Multiple eval injection vulnerabilities in itpm_estimate

Published Nov 14, 2008

Modified 1 years ago

No fix available

Details

Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter.

References

ADVISORYhttp://securityreason.com/securityalert/4591 WEBhttp://www.securityfocus.com/bid/31448 WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/45488 ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2008-5071 DETECTIONhttps://www.exploit-db.com/exploits/6606

CVSS Analysis

CVSS v2.0

9.0

Exploitability

Access Vector

NetworkAV:N

Access Complexity

LowAC:L

Authentication

SingleAu:S

Impact

Confidentiality

CompleteC:C

Integrity

CompleteI:C

Availability

CompleteA:C

9/AV:N/AC:L/Au:S/C:C/I:C/A:C

Ecosystems

Timeline

PublishedNov 14, 2008

ModifiedAug 7, 2024