CVE-2009-0517
published 2009-02-11

Priority: P2 60 critical
CVSS 2.0: 10 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 45.27% (98.6th percentile)
Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information.

Affected

11 ranges
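| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpslash | phpslash | <= 0.8.1.1 | |
| phpslash | phpslash | | |
| phpslash | phpslash | | |
| phpslash | phpslash | | |
| phpslash | phpslash | | |
| phpslash | phpslash | | |
| phpslash | phpslash | | |
| phpslash | phpslash | | |
| phpslash | phpslash | | |
| phpslash | phpslash | | |
| phpslash | phpslash | | |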

Detection & IOCs (extracted from sources)

path: `index.php?fields=`
command: `eval(base64_decode($_SERVER[HTTP_MYPCODE]));`
path: `include/class/tz_env.class`
  • Exploit delivers arbitrary PHP code via the `fields` GET parameter to index.php, encoded using MySQL CHAR() encoding to bypass input filtering.
  • Exploit uses a custom HTTP header `MypCode` carrying base64-encoded PHP payload (e.g. system() calls), which is decoded server-side via $_SERVER[HTTP_MYPCODE].
  • Single-quote and exit injection sequence `1');` is prepended to the fields parameter payload to break out of the eval context.
  • Attacker injects `exit();//` at the end of the payload to terminate execution cleanly and avoid detection via error output.
  • The vulnerability exists in phpSlash 0.8.1.1 and earlier; the eval injection occurs inside the `generic` function in the tz_env class, meaning the `fields` parameter is passed directly to eval().
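
A defensive check built from the indicators listed above, as an added example (not code from the advisory or from phpSlash): it reports which indicators a single request to `index.php` matches. The function names, indicator labels and sample requests are constructed for illustration, and the payload body is a placeholder.

```python
import re
from urllib.parse import urlsplit, quote, unquote_plus

# "CHAR(" encoding inside the parameter value, as described in the bullets above.
CHAR_CALL = re.compile(r"char\s*\(", re.IGNORECASE)

def fields_values(url):
    """Return the decoded value of every `fields` parameter sent to index.php."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("index.php"):
        return []
    values = []
    # Split on '&' only: the injected value itself contains ';'.
    for pair in parts.query.split("&"):
        name, _, value = pair.partition("=")
        if unquote_plus(name) == "fields":
            values.append(unquote_plus(value))
    return values

def indicators(url, headers):
    """List which of the page's indicators one request matches (labels are this example's own)."""
    hits = []
    for value in fields_values(url):
        stripped = value.strip()
        if stripped.startswith("1');"):        # break-out of the eval context
            hits.append("fields-eval-breakout")
        if stripped.endswith("exit();//"):     # terminator that suppresses error output
            hits.append("fields-exit-terminator")
        if CHAR_CALL.search(value):            # CHAR() encoding used to pass input filtering
            hits.append("fields-char-encoding")
    # Header names are case-insensitive; PHP exposes this one as HTTP_MYPCODE.
    if any(name.lower() == "mypcode" for name in headers):
        hits.append("mypcode-header")
    return hits

# Constructed sample requests (not captured traffic).
SUSPICIOUS_URL = "/index.php?fields=" + quote("1');x CHAR(65) x;exit();//", safe="")
SUSPICIOUS_HEADERS = {"Host": "example.test", "MypCode": "UExBQ0VIT0xERVI="}
BENIGN_URL = "/index.php?fields=title,author"
BENIGN_HEADERS = {"Host": "example.test"}

if __name__ == "__main__":
    print(indicators(SUSPICIOUS_URL, SUSPICIOUS_HEADERS))
    print(indicators(BENIGN_URL, BENIGN_HEADERS))
```

Standard access logs usually omit custom request headers, so the `MypCode` check needs a log format or proxy that records them.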