[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-0677Date: (C)2009-02-22   (M)2023-12-22


avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function with the eval switch, as specified in an element of the patterns array.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.5
Exploit Score: 8.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://www.securityfocus.com/archive/1/500988/100/0/threaded
BID-33787
SECUNIA-33928
OSVDB-52007
EXPLOIT-DB-8068
http://ravenphpscripts.com/postt17156.html&sid=12d1201371612260a42fa846ebce7bad
http://www.waraxe.us/advisory-72.html
ravennuke-avatarlist-code-execution(48789)

CWE    1
CWE-94

© SecPod Technologies