9

CVE-2008-5071

Exploit
Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
YoxelYoxel Version <= 1.23beta
YoxelYoxel Version1.06beta
YoxelYoxel Version1.07beta
YoxelYoxel Version1.08beta
YoxelYoxel Version1.09beta
YoxelYoxel Version1.10beta
YoxelYoxel Version1.11beta
YoxelYoxel Version1.12beta
YoxelYoxel Version1.13beta
YoxelYoxel Version1.14beta
YoxelYoxel Version1.15beta
YoxelYoxel Version1.16beta
YoxelYoxel Version1.17beta
YoxelYoxel Version1.18beta
YoxelYoxel Version1.19beta
YoxelYoxel Version1.20
YoxelYoxel Version1.20beta
YoxelYoxel Version1.21
YoxelYoxel Version1.21beta
YoxelYoxel Version1.22
YoxelYoxel Version1.22beta
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.53% 0.849
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.