CyberSec.Space Logo
CVEブラウザに戻る

CVE-2009-0517

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0710%
EPSS Percentile10.48th
Published2009年2月11日
Last Modified2026年4月23日

Vulnerability Description

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

📦
Phpslash

Phpslash

All versions
📦
Phpslash

Phpslash

<= 0.8.1.1
📦
Phpslash

Phpslash

= 0.5.3.2
📦
Phpslash

Phpslash

= 0.6
📦
Phpslash

Phpslash

= 0.6.1
📦
Phpslash

Phpslash

= 0.6.2
📦
Phpslash

Phpslash

= 0.7.1
📦
Phpslash

Phpslash

= 0.7.2
📦
Phpslash

Phpslash

= 0.8.0
📦
Phpslash

Phpslash

= 0.8.1
📦
Phpslash

Phpslash

= 0.61
📦
Phpslash

Phpslash

= 065

References & Advisories

🔗 http://osvdb.org/51727
🔗 http://secunia.com/advisories/33717
🔗 http://www.securityfocus.com/archive/1/500664/100/0/threaded
🔗 http://www.securityfocus.com/bid/33572
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/48441
🔗 https://www.exploit-db.com/exploits/7948
🔗 http://osvdb.org/51727
🔗 http://secunia.com/advisories/33717

関連する脆弱性情報

CVE-2005-225710.0

The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying t...

CVE-2005-44797.5

SQL injection vulnerability in article.php in phpSlash 0.8.1 and earlier allows remote attackers to execute arbitrary SQL commands...

CVE-2001-13345.0

Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by...

CVE-2009-093910.0

Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which has unknown impact and attack vectors related to "Spec confor...