Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0887

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-0887
Last Modified 05 Sep 2008 04:47:36
Published 24 Mar 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0887

Summary

Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement.

Vulnerable Systems

Application

  • Michael Dean Double Choco Latte 0.9.3

  • Michael Dean Double Choco Latte 0.9.4

  • Michael Dean Double Choco Latte 0.9.4.2

  • Michael Dean Double Choco Latte 0.9.4.3


References

XF - dcl-file-include(19806)

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=315144

SECTRACK - 1013559

SECUNIA - 14688


Last Updated: 27 May 2016 10:39:58