Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote attackers to execute arbitrary Perl code via (1) Help.pm, (2) International.pm, or (3) WebGUI.pm.
Threat-Mapped Scoring
Score: 0.0
Priority: Unclassified
EPSS
Score: 0.00881
Percentile: 0.7441
CVSS Scoring
CVSS v2 Score: 7.5
Severity:
Mapped CWE(s)
- CWE-94: Improper Control of Generation of Code ('Code Injection')
All CAPEC(s)
- CAPEC-242: Code Injection
- CAPEC-35: Leverage Executable Code in Non-Executable Files
- CAPEC-77: Manipulating User-Controlled Variables
CAPEC(s) with Mapped TTPs
- CAPEC-35: Leverage Executable Code in Non-Executable Files
Mapped TTPs:
Mapped ATT&CK TTPs
- T1027.006: HTML Smuggling
  Kill Chain: defense-evasion
- T1027.009: Embedded Payloads
  Kill Chain: defense-evasion
- T1564.009: Resource Forking
  Kill Chain: defense-evasion
Malware
APTs Threat Group Associations
Campaigns
Affected Products
- cpe:2.3:a:plainblack:webgui:*:*:*:*:*:*:*:*