CVE-2005-2837

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-2837
Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote attackers to execute arbitrary Perl code via (1) Help.pm, (2) International.pm, or (3) WebGUI.pm.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www.plainblack.com/getwebgui/advisories/security-exploit-found-in-6.x-versions Broken Link Patch Vendor Advisory
http://www.securityfocus.com/bid/14732 Broken Link Patch Third Party Advisory VDB Entry
http://www.plainblack.com/getwebgui/advisories/security-exploit-found-in-6.x-versions Broken Link Patch Vendor Advisory
http://www.securityfocus.com/bid/14732 Broken Link Patch Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:plainblack:webgui:*:*:*:*:*:*:*:*
History

21 Nov 2024, 00:00

Type Values Removed Values Added
References () http://www.plainblack.com/getwebgui/advisories/security-exploit-found-in-6.x-versions - Broken Link, Patch, Vendor Advisory () http://www.plainblack.com/getwebgui/advisories/security-exploit-found-in-6.x-versions - Broken Link, Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/14732 - Broken Link, Patch, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/14732 - Broken Link, Patch, Third Party Advisory, VDB Entry

14 Feb 2024, 16:53

Type Values Removed Values Added
First Time Plainblack webgui
Plainblack
References () http://www.plainblack.com/getwebgui/advisories/security-exploit-found-in-6.x-versions - Patch, Vendor Advisory () http://www.plainblack.com/getwebgui/advisories/security-exploit-found-in-6.x-versions - Broken Link, Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/14732 - Patch () http://www.securityfocus.com/bid/14732 - Broken Link, Patch, Third Party Advisory, VDB Entry
CWE NVD-CWE-Other CWE-94
CPE cpe:2.3:a:plain_black:webgui:6.2.9:*:*:*:*:*:*:*
cpe:2.3:a:plain_black:webgui:6.2.6:*:*:*:*:*:*:*
cpe:2.3:a:plain_black:webgui:6.2.7:*:*:*:*:*:*:*
cpe:2.3:a:plain_black:webgui:6.5.0_beta:*:*:*:*:*:*:*
cpe:2.3:a:plain_black:webgui:6.2:*:*:*:*:*:*:*
cpe:2.3:a:plain_black:webgui:6.4.0:*:*:*:*:*:*:*
cpe:2.3:a:plain_black:webgui:6.2.5:*:*:*:*:*:*:*
cpe:2.3:a:plain_black:webgui:5.2.4:*:*:*:*:*:*:*
cpe:2.3:a:plain_black:webgui:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:plain_black:webgui:6.2.4:*:*:*:*:*:*:*
cpe:2.3:a:plain_black:webgui:6.7.1:*:*:*:*:*:*:*
cpe:2.3:a:plain_black:webgui:6.2.3:*:*:*:*:*:*:*
cpe:2.3:a:plain_black:webgui:6.7.2:*:*:*:*:*:*:*
cpe:2.3:a:plain_black:webgui:6.7.0:*:*:*:*:*:*:*
cpe:2.3:a:plain_black:webgui:6.3.0:*:*:*:*:*:*:*
cpe:2.3:a:plain_black:webgui:6.2.8:*:*:*:*:*:*:*
cpe:2.3:a:plain_black:webgui:6.6.0:*:*:*:*:*:*:*
cpe:2.3:a:plain_black:webgui:6.2.2:*:*:*:*:*:*:*
cpe:2.3:a:plain_black:webgui:5.2.3:*:*:*:*:*:*:*		 cpe:2.3:a:plainblack:webgui:*:*:*:*:*:*:*:*
Information

Published : 2005-09-07 20:03

Updated : 2025-04-03 01:03

NVD link : CVE-2005-2837

Mitre link : CVE-2005-2837

CVE.ORG link : CVE-2005-2837

JSON object : View

Products Affected

plainblack

  • webgui
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')