Published: 25/04/2006 Updated: 18/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Eval injection vulnerability in index.php in ClanSys 1.1 allows remote malicious users to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by some sources, but that is just one attack; the primary vulnerability is eval injection.

Vulnerable Product	Search on Vulmon	Subscribe to Product
clansys clansys 1.1

NukedX Security Advisory Nr 2006-29 ClanSys v11 (indexphp page) PHP Code Insertion Vulnerability Method found & Exploit scripted by nukedx Contacts > ICQ: 10072 MSN/Main: nukedx@nukedxcom web: wwwnukedxcom Original advisory: wwwnukedxcom/?viewdoc=29 Dork: "ClanSys v11" 2400 pages Full PoC -> GET -> [victim]/[Cl ...

NVD-CWE-Other http://www.nukedx.com/?getxpl=29 http://www.securityfocus.com/bid/17660 http://securitytracker.com/id?1015988 http://www.osvdb.org/25083 http://securityreason.com/securityalert/782 https://exchange.xforce.ibmcloud.com/vulnerabilities/25976 http://www.securityfocus.com/archive/1/431873/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/1710/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-2005

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect