Vulnerability Details CVE-2008-5071
Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.023
EPSS Ranking 84.2%
CVSS Severity
CVSS v2 Score 9.0
References
- http://securityreason.com/securityalert/4591
- http://www.securityfocus.com/bid/31448
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45488
- https://www.exploit-db.com/exploits/6606
- http://securityreason.com/securityalert/4591
- http://www.securityfocus.com/bid/31448
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45488
- https://www.exploit-db.com/exploits/6606
Products affected by CVE-2008-5071
-
cpe:2.3:a:yoxel:yoxel:*
-
cpe:2.3:a:yoxel:yoxel:1.06beta
-
cpe:2.3:a:yoxel:yoxel:1.07beta
-
cpe:2.3:a:yoxel:yoxel:1.08beta
-
cpe:2.3:a:yoxel:yoxel:1.09beta
-
cpe:2.3:a:yoxel:yoxel:1.10beta
-
cpe:2.3:a:yoxel:yoxel:1.11beta
-
cpe:2.3:a:yoxel:yoxel:1.12beta
-
cpe:2.3:a:yoxel:yoxel:1.13beta
-
cpe:2.3:a:yoxel:yoxel:1.14beta
-
cpe:2.3:a:yoxel:yoxel:1.15beta
-
cpe:2.3:a:yoxel:yoxel:1.16beta
-
cpe:2.3:a:yoxel:yoxel:1.17beta
-
cpe:2.3:a:yoxel:yoxel:1.18beta
-
cpe:2.3:a:yoxel:yoxel:1.19beta
-
cpe:2.3:a:yoxel:yoxel:1.20
-
cpe:2.3:a:yoxel:yoxel:1.20beta
-
cpe:2.3:a:yoxel:yoxel:1.21
-
cpe:2.3:a:yoxel:yoxel:1.21beta
-
cpe:2.3:a:yoxel:yoxel:1.22
-
cpe:2.3:a:yoxel:yoxel:1.22beta