CVE-2009-0673
Published 2009-02-22
Priority P339 | medium | CVSS 2.0: 6.5
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 2.65% (83.7th percentile)
Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ravenphpscripts | ravennuke | — | — |
No detection rules found.
Exploit-DB
WordPress Plugin Copperleaf Photolog 0.16 - SQL Injection
exploitdb·2010-02-15
CVE-2010-0673 WordPress Plugin Copperleaf Photolog 0.16 - SQL Injection
---
#############################################################################################################
## WordPress Copperleaf Photolog SQL injection ##
## Author : kaMtiEz ([email protected]) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : 15 February, 2009 ##
#############################################################################################################
[ Software Information ]
[+] Vendor : http://www.copperleaf.org/
[+] Download : http://www.copperleaf.org/wp-content/code/cpl0.16.zip
[+] version : 0.16 / lower maybe also affected
[+] Vulnerability : SQL
[+] Dork : "CiHuY"
[+] LOCATION : INDONESIA - JOGJA
####################################################################################
Exploit-DB
ravennuke 2.3.0 - Multiple Vulnerabilities
exploitdb·2009-02-16
CVE-2009-0678 ravennuke 2.3.0 - Multiple Vulnerabilities
---
[waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0
Author: Janek Vind "waraxe"
Date: 16. February 2009
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-72.html
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RavenNuke is a web-based automated news publishing and content management
system based on PHP and MySQL. The system is fully controlled using a web-based
graphical user interface (GUI). RavenNuke is an extensively changed fork of
the phpNuke portal system.
http://ravenphpscripts.com/
List of found vulnerabilities
1. Remote Php Code Execution in "avatarlist.php"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Security risk: High
No writeups or analysis indexed.
http://ravenphpscripts.com/postt17156.html
http://www.securityfocus.com/archive/1/500988/100/0/threaded
http://www.securityfocus.com/bid/33787
http://www.waraxe.us/advisory-72.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/48790
https://www.exploit-db.com/exploits/8068