CVE: CVE-2008-5071

Export to Word

Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.02339
Percentile: 0.84183

CVSS Scoring

CVSS v2 Score: 9.0

Severity:

Mapped CWE(s)

CWE-94 : Improper Control of Generation of Code ('Code Injection')

All CAPEC(s)

CAPEC-242: Code Injection
CAPEC-35: Leverage Executable Code in Non-Executable Files
CAPEC-77: Manipulating User-Controlled Variables

CAPEC(s) with Mapped TTPs

CAPEC-35: Leverage Executable Code in Non-Executable Files
Mapped TTPs:
- T1027.006 : HTML Smuggling
- T1027.009 : Embedded Payloads
- T1564.009 : Resource Forking

Mapped ATT&CK TTPs

T1027.006 : HTML Smuggling
Kill Chain: defense-evasion
T1027.009 : Embedded Payloads
Kill Chain: defense-evasion
T1564.009 : Resource Forking
Kill Chain: defense-evasion

Malware

APTs Threat Group Associations

Campaigns

C0021

Affected Products

cpe:2.3:a:yoxel:yoxel:*:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.06beta:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.07beta:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.08beta:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.09beta:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.10beta:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.11beta:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.12beta:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.13beta:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.14beta:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.15beta:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.16beta:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.17beta:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.18beta:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.19beta:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.20:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.20beta:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.21:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.21beta:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.22:*:*:*:*:*:*:*
cpe:2.3:a:yoxel:yoxel:1.22beta:*:*:*:*:*:*:*

← Back to Home