CyberSec.Space Logo
Back to CVE Browser

CVE-2009-0517

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0710%
EPSS Percentile10.48th
PublishedFeb 11, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

πŸ“¦
Phpslash

Phpslash

All versions
πŸ“¦
Phpslash

Phpslash

<= 0.8.1.1
πŸ“¦
Phpslash

Phpslash

= 0.5.3.2
πŸ“¦
Phpslash

Phpslash

= 0.6
πŸ“¦
Phpslash

Phpslash

= 0.6.1
πŸ“¦
Phpslash

Phpslash

= 0.6.2
πŸ“¦
Phpslash

Phpslash

= 0.7.1
πŸ“¦
Phpslash

Phpslash

= 0.7.2
πŸ“¦
Phpslash

Phpslash

= 0.8.0
πŸ“¦
Phpslash

Phpslash

= 0.8.1
πŸ“¦
Phpslash

Phpslash

= 0.61
πŸ“¦
Phpslash

Phpslash

= 065

References & Advisories

πŸ”— http://osvdb.org/51727
πŸ”— http://secunia.com/advisories/33717
πŸ”— http://www.securityfocus.com/archive/1/500664/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/33572
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/48441
πŸ”— https://www.exploit-db.com/exploits/7948
πŸ”— http://osvdb.org/51727
πŸ”— http://secunia.com/advisories/33717

Related Vulnerabilities

CVE-2005-225710.0

The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying t...

CVE-2005-44797.5

SQL injection vulnerability in article.php in phpSlash 0.8.1 and earlier allows remote attackers to execute arbitrary SQL commands...

CVE-2001-13345.0

Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by...

CVE-2009-049210.0

Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an "auth vulnerabilit...