Описание
Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:michael_dean:double_choco_latte:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:michael_dean:double_choco_latte:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:michael_dean:double_choco_latte:0.9.4.2:*:*:*:*:*:*:*
cpe:2.3:a:michael_dean:double_choco_latte:0.9.4.3:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.06211
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
больше 20 лет назад
Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allo ...
github
больше 3 лет назад
Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement.
EPSS
Процентиль: 90%
0.06211
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other