Published: 31/01/2018 Updated: 26/04/2019

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 935

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

htdocs/setup/index.php in Eventum prior to 2.3.5 allows remote malicious users to inject and execute arbitrary PHP code via the hostname parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
eventum project eventum

Advisory ID: HTB23198 Product: Eventum Vendor: Eventum Development Team Vulnerable Version(s): 234 and probably prior Tested Version: 234 Advisory Publication: January 22, 2014 [without technical details] Vendor Notification: January 22, 2014 Vendor Patch: January 24, 2014 Public Disclosure: January 27, 2014 Vulnerability Type: Incorrect D ...

Eventum version 234 suffers from incorrect default permission and code injection vulnerabilities ...

CWE-275 https://www.htbridge.com/advisory/HTB23198 https://bugs.launchpad.net/eventum/+bug/1271499 http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4665 http://www.securityfocus.com/archive/1/530891/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/39066/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-1632

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect