Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5071

Overview

Vulnerability Score 9.0 9.0
CVE Id CVE-2008-5071
Last Modified 19 Aug 2009 01:21:10
Published 14 Nov 2008 01:07:59
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-5071

Summary

Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter.

Vulnerable Systems

Application

  • Yoxel 1.06beta

  • Yoxel 1.07beta

  • Yoxel 1.08beta

  • Yoxel 1.09beta

  • Yoxel 1.10beta

  • Yoxel 1.11beta

  • Yoxel 1.12beta

  • Yoxel 1.13beta

  • Yoxel 1.14beta

  • Yoxel 1.15beta

  • Yoxel 1.16beta

  • Yoxel 1.17beta

  • Yoxel 1.18beta

  • Yoxel 1.19beta

  • Yoxel 1.20

  • Yoxel 1.20beta

  • Yoxel 1.21

  • Yoxel 1.21beta

  • Yoxel 1.22

  • Yoxel 1.22beta

  • Yoxel 1.23beta


References

XF - yoxel-itpmestimate-file-include(45488)

BID - 31448

MILW0RM - 6606

SREASON - 4591


Last Updated: 27 May 2016 10:48:42