CVE-2013-10070
Published: 2025-08-05
Priority: P2 · 74 · critical · CVSS 4.0 score: 10
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.39% (69.0th percentile)
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php-charts | php-charts | — | — |
Detection & IOCs
- Monitor HTTP GET requests to wizard/url.php where parameter names contain base64-encoded or otherwise obfuscated PHP code payloads, as the vulnerability passes GET parameter names directly to eval().
- Alert on requests to wizard/url.php containing base64-encoded strings in GET parameter names, as attackers embed arbitrary PHP code via base64-encoded payloads in parameter names to achieve unauthenticated RCE.
- Exploit attempts targeting this CVE can be identified via the Metasploit module path exploits/unix/webapp/php_charts_exec, which can appear in attacker tooling or logs.
- The vulnerability is unauthenticated — no credentials or session are required to exploit it, meaning any network-accessible instance of PHP-Charts v1.0 is at risk without additional access controls.
- Code execution occurs under the web server user's context, so the impact scope depends on the privileges of the web server process on the host.
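As an added example (not code from the advisory or from any of the linked sources), the first two detection points above sketched as a log scanner: it parses Common Log Format lines and flags GET requests to wizard/url.php whose parameter names are base64-shaped or contain PHP syntax characters. The log format, the regexes, the 16-character threshold and the sample lines are assumptions made here.

```python
import re
from urllib.parse import urlsplit, unquote
# Endpoint named in the advisory; parameter *names* reach eval() here.
TARGET_PATH = "/wizard/url.php"

# Common Log Format (assumed; the constructed sample lines below follow it).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Base64-shaped token: base64 alphabet only, 16+ chars, optional padding.
B64_SHAPE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")
# Characters a chart parameter name never needs but PHP source does.
CODE_CHARS = set("();$`'\"<>")

def param_names(query):
    """Return percent-decoded parameter names, keeping '+' (valid base64)."""
    return [unquote(pair.split("=", 1)[0]) for pair in query.split("&") if pair]

def suspicious_names(target):
    """Parameter names on the vulnerable endpoint that look like code carriers."""
    parts = urlsplit(target)
    if not parts.path.endswith(TARGET_PATH):
        return []
    return [n for n in param_names(parts.query)
            if B64_SHAPE.match(n) or CODE_CHARS & set(n)]

def scan(lines):
    """Return (client ip, suspicious names) for each matching GET request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        names = suspicious_names(m["target"])
        if names:
            hits.append((m["ip"], names))
    return hits

# Constructed sample log lines (not real traffic); the long token is the
# base64 encoding of the harmless string "constructed_sample_token".
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Aug/2025:10:00:01 +0000] "GET /wizard/url.php?type=bar&title=Sales HTTP/1.1" 200 512',
    '203.0.113.9 - - [05/Aug/2025:10:00:02 +0000] "GET /wizard/url.php?Y29uc3RydWN0ZWRfc2FtcGxlX3Rva2Vu HTTP/1.1" 200 88',
    '198.51.100.4 - - [05/Aug/2025:10:00:03 +0000] "GET /index.php?Y29uc3RydWN0ZWRfc2FtcGxlX3Rva2Vu HTTP/1.1" 200 1024',
]
if __name__ == "__main__":
    for ip, names in scan(SAMPLE_LOG):
        print(f"ALERT {ip} -> {TARGET_PATH} suspicious parameter names: {names}")
```

Long legitimate alphanumeric parameter names would also match the base64 shape, so an allowlist of the application's real parameter names belongs in front of this check in production.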
No detection rules found.
No writeups or analysis indexed.
References
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/php_charts_exec.rb
- https://web.archive.org/web/20130120234844/http://php-charts.com/
- https://www.exploit-db.com/exploits/24201
- https://www.exploit-db.com/exploits/24273
- https://www.vulncheck.com/advisories/php-charts-php-code-execution