CVE-2009-0673
Published Feb 22, 2009
Last updated 6 years ago
Overview
- Description
- Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-94
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ravenphpscripts:ravennuke:2.30:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24561E2B-3481-4E0C-8115-14A7FBB2F176"
}
],
"operator": "OR"
}
]
}
]