CVE-2005-0887

Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://sourceforge.net/project/shownotes.php?release_id=315144	Patch Vendor Advisory
http://securitytracker.com/id?1013559	Patch Vendor Advisory
http://secunia.com/advisories/14688	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/19806

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:michael_dean:double_choco_latte:0.9.4.2:::::::*
	cpe:2.3:a:michael_dean:double_choco_latte:0.9.4.3:::::::*
	cpe:2.3:a:michael_dean:double_choco_latte:0.9.3:::::::*
	cpe:2.3:a:michael_dean:double_choco_latte:0.9.4:::::::*

Information

Published : 2005-03-23 21:00

Updated : 2017-07-10 18:32

NVD link : CVE-2005-0887

Mitre link : CVE-2005-0887

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

michael_dean

double_choco_latte

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://sourceforge.net/project/shownotes.php?release_id=315144", "name": "http://sourceforge.net/project/shownotes.php?release_id=315144", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://securitytracker.com/id?1013559", "name": "1013559", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/14688", "name": "14688", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19806", "name": "dcl-file-include(19806)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-0887", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-03-24T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:michael_dean:double_choco_latte:0.9.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:michael_dean:double_choco_latte:0.9.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:michael_dean:double_choco_latte:0.9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:michael_dean:double_choco_latte:0.9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:32Z"}