CVE-2009-0677

Published: 22/02/2009 Updated: 10/10/2018

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 655

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function with the eval switch, as specified in an element of the patterns array.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ravenphpscripts ravennuke 2.30

[waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 230 =============================================================================== Author: Janek Vind "waraxe" Date: 16 February 2009 Location: Estonia, Tartu Web: wwwwaraxeus/advisory-72html Description of vulnerable software: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ...

CWE-94 http://www.osvdb.org/52007 http://secunia.com/advisories/33928 http://www.waraxe.us/advisory-72.html http://ravenphpscripts.com/postt17156.html&sid=12d1201371612260a42fa846ebce7bad http://www.securityfocus.com/bid/33787 https://exchange.xforce.ibmcloud.com/vulnerabilities/48789 https://www.exploit-db.com/exploits/8068 http://www.securityfocus.com/archive/1/500988/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/8068/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-0677

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect