CVE-2005-0887

Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/14688	Patch Vendor Advisory
http://securitytracker.com/id?1013559	Patch Vendor Advisory
http://sourceforge.net/project/shownotes.php?release_id=315144	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/19806

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:michael_dean:double_choco_latte:0.9.3:::::::*
	cpe:2.3:a:michael_dean:double_choco_latte:0.9.4:::::::*
	cpe:2.3:a:michael_dean:double_choco_latte:0.9.4.2:::::::*
	cpe:2.3:a:michael_dean:double_choco_latte:0.9.4.3:::::::*

History

No history.

Information

Published : 2005-03-24 05:00

Updated : 2024-02-04 16:52

NVD link : CVE-2005-0887

Mitre link : CVE-2005-0887

CVE.ORG link : CVE-2005-0887

JSON object : View

Products Affected

michael_dean

double_choco_latte

CWE

NVD-CWE-Other

{"id": "CVE-2005-0887", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-03-24T05:00:00.000", "references": [{"url": "http://secunia.com/advisories/14688", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1013559", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://sourceforge.net/project/shownotes.php?release_id=315144", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19806", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement."}], "lastModified": "2017-07-11T01:32:27.390", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:michael_dean:double_choco_latte:0.9.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A21A71D7-6B55-45E3-BA64-282B054EF2B9"}, {"criteria": "cpe:2.3:a:michael_dean:double_choco_latte:0.9.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96942628-4B67-4C1E-BA49-9FD87C22C5D0"}, {"criteria": "cpe:2.3:a:michael_dean:double_choco_latte:0.9.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FB18CD4-1DC5-4F4D-BDB8-35576CE5964D"}, {"criteria": "cpe:2.3:a:michael_dean:double_choco_latte:0.9.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99B2609F-D8A8-498A-9364-ACAC3C8758EE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}