CVE-2005-0887

Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement.

Published: Mar 24, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-0887
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
michael_dean / double_choco_latte	0.9.3	0.9.3.x
michael_dean / double_choco_latte	0.9.4.2	0.9.4.2.x
michael_dean / double_choco_latte	0.9.4.3	0.9.4.3.x
michael_dean / double_choco_latte	0.9.4	0.9.4.x

http://secunia.com/advisories/14688
http://securitytracker.com/id?1013559
http://sourceforge.net/project/shownotes.php?release_id=315144
https://exchange.xforce.ibmcloud.com/vulnerabilities/19806

Vulnerability Database

290,273

CVE-2005-0887