Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0673

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2009-0673
Last Modified 26 Feb 2009 02:08:05
Published 22 Feb 2009 05:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2009-0673

Summary

Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php.

Vulnerable Systems

Application

  • Ravenphpscripts Ravennuke 2.30


References

XF - ravennuke-admin-code-execution(48790)

MISC - http://www.waraxe.us/advisory-72.html

BID - 33787

BUGTRAQ - 20090216 [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0

MILW0RM - 8068

CONFIRM - http://ravenphpscripts.com/postt17156.html


Last Updated: 27 May 2016 10:50:20