Published: 11/02/2009 Updated: 11/10/2018

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and previous versions allows remote malicious users to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpslash phpslash 0.7.2
phpslash phpslash 0.7.1
phpslash phpslash 0.6.1
phpslash phpslash 0.8.1
phpslash phpslash 065
phpslash phpslash 0.6
phpslash phpslash
phpslash phpslash 0.5.3.2
phpslash phpslash 0.6.2
phpslash phpslash 0.61
phpslash phpslash 0.8.0

#!/usr/bin/php -q <?php # # phpslash <= 0811 Remote Code Execution Exploit # - - - - - - - - - - - - - - - - - - - - - - - - - # RCE with no special rights (guest) # No special PHP conditions required # - - - - - - - - - - - - - - - - - - - - - - - - - # #0 It was a private sploit, but I decided to publish # it #1 You did the fag on th ...

CWE-94 http://osvdb.org/51727 http://secunia.com/advisories/33717 http://www.securityfocus.com/bid/33572 https://exchange.xforce.ibmcloud.com/vulnerabilities/48441 https://www.exploit-db.com/exploits/7948 http://www.securityfocus.com/archive/1/500664/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/7948/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-0517

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect