CVE-2009-0677

Sažetak

avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function with the eval switch, as specified in an element of the patterns array.

Reference

http://ravenphpscripts.com/postt17156.html&sid=12d1201371612260a42fa846ebce7bad
http://secunia.com/advisories/33928
http://www.osvdb.org/52007
http://www.securityfocus.com/archive/1/500988/100/0/threaded
http://www.securityfocus.com/bid/33787
http://www.waraxe.us/advisory-72.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/48789
https://www.exploit-db.com/exploits/8068

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

10-10-2018 - 19:30

Objavljeno

22-02-2009 - 22:30