Описание
Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:michael_dean:double_choco_latte:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:michael_dean:double_choco_latte:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:michael_dean:double_choco_latte:0.9.4.2:*:*:*:*:*:*:*
cpe:2.3:a:michael_dean:double_choco_latte:0.9.4.3:*:*:*:*:*:*:*
EPSS
Процентиль: 91%
0.07111
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
почти 21 год назад
Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allo ...
github
почти 4 года назад
Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement.
EPSS
Процентиль: 91%
0.07111
Низкий
7.5 High
CVSS2
Дефекты
NVD-CWE-Other