CVE-2008-5071 - Vulnerability Details - OpenCVE

Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Yoxel	Yoxel

Configuration 1 [-]

OR	cpe:2.3:a:yoxel:yoxel::::::::
	cpe:2.3:a:yoxel:yoxel:1.06beta:::::::*
	cpe:2.3:a:yoxel:yoxel:1.07beta:::::::*
	cpe:2.3:a:yoxel:yoxel:1.08beta:::::::*
	cpe:2.3:a:yoxel:yoxel:1.09beta:::::::*
	cpe:2.3:a:yoxel:yoxel:1.10beta:::::::*
	cpe:2.3:a:yoxel:yoxel:1.11beta:::::::*
	cpe:2.3:a:yoxel:yoxel:1.12beta:::::::*
	cpe:2.3:a:yoxel:yoxel:1.13beta:::::::*
	cpe:2.3:a:yoxel:yoxel:1.14beta:::::::*
	cpe:2.3:a:yoxel:yoxel:1.15beta:::::::*
	cpe:2.3:a:yoxel:yoxel:1.16beta:::::::*
	cpe:2.3:a:yoxel:yoxel:1.17beta:::::::*
	cpe:2.3:a:yoxel:yoxel:1.18beta:::::::*
	cpe:2.3:a:yoxel:yoxel:1.19beta:::::::*
	cpe:2.3:a:yoxel:yoxel:1.20:::::::*
	cpe:2.3:a:yoxel:yoxel:1.20beta:::::::*
	cpe:2.3:a:yoxel:yoxel:1.21:::::::*
	cpe:2.3:a:yoxel:yoxel:1.21beta:::::::*
	cpe:2.3:a:yoxel:yoxel:1.22:::::::*
	cpe:2.3:a:yoxel:yoxel:1.22beta:::::::*

No data.

References

Link	Providers
http://securityreason.com/securityalert/4591
http://www.securityfocus.com/bid/31448
https://exchange.xforce.ibmcloud.com/vulnerabilities/45488
https://www.exploit-db.com/exploits/6606

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-11-14T16:00:00

Updated: 2024-08-07T10:40:16.995Z

Reserved: 2008-11-14T00:00:00

Link: CVE-2008-5071

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-11-14T18:07:59.903

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-5071

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-27T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "4591", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/4591"}, {"name": "6606", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/6606"}, {"name": "31448", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31448"}, {"name": "yoxel-itpmestimate-file-include(45488)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45488"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5071", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "4591", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/4591"}, {"name": "6606", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/6606"}, {"name": "31448", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31448"}, {"name": "yoxel-itpmestimate-file-include(45488)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45488"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:40:16.995Z"}, "title": "CVE Program Container", "references": [{"name": "4591", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/4591"}, {"name": "6606", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/6606"}, {"name": "31448", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31448"}, {"name": "yoxel-itpmestimate-file-include(45488)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45488"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5071", "datePublished": "2008-11-14T16:00:00", "dateReserved": "2008-11-14T00:00:00", "dateUpdated": "2024-08-07T10:40:16.995Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:yoxel:yoxel:*:*:*:*:*:*:*:*", "matchCriteriaId": "A647E3D4-B88A-4D99-B813-93BB560DD025", "versionEndIncluding": "1.23beta", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.06beta:*:*:*:*:*:*:*", "matchCriteriaId": "989E177E-98D6-45B9-9434-0C8DFAE34FA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.07beta:*:*:*:*:*:*:*", "matchCriteriaId": "FD7A2FCA-B9AE-4F78-A21E-3DAC06DA4DD1", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.08beta:*:*:*:*:*:*:*", "matchCriteriaId": "4A62DC39-FCC8-4DB6-8E66-81E98B3B8F78", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.09beta:*:*:*:*:*:*:*", "matchCriteriaId": "A09AE305-69C3-4893-8189-9EEBA53FD198", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.10beta:*:*:*:*:*:*:*", "matchCriteriaId": "EE19C5E7-2676-4422-9048-58F12F43EF2B", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.11beta:*:*:*:*:*:*:*", "matchCriteriaId": "3EDFA99B-847D-4F04-A8E0-28C5538EE35B", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.12beta:*:*:*:*:*:*:*", "matchCriteriaId": "2EC573FA-91A4-440F-B146-0A8FA0165549", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.13beta:*:*:*:*:*:*:*", "matchCriteriaId": "DD9AD51C-28EE-47E0-A2D2-225E3388294A", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.14beta:*:*:*:*:*:*:*", "matchCriteriaId": "8E71B78B-211E-40C7-AC8E-BFF0B36E512D", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.15beta:*:*:*:*:*:*:*", "matchCriteriaId": "8BC91E52-5013-43D4-BF42-CB2A914E8358", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.16beta:*:*:*:*:*:*:*", "matchCriteriaId": "767EAEBB-D2E9-47B1-91BD-94E60DFF0CC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.17beta:*:*:*:*:*:*:*", "matchCriteriaId": "6CECE0CC-038D-4E62-8E1A-3C723042FBD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.18beta:*:*:*:*:*:*:*", "matchCriteriaId": "E3A01DDD-1D24-4447-A14D-53088AA16848", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.19beta:*:*:*:*:*:*:*", "matchCriteriaId": "339C69F5-5B86-436D-9393-E11F100BE1FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.20:*:*:*:*:*:*:*", "matchCriteriaId": "724ECAA0-1CD8-4628-9363-DBE4C7CD064B", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.20beta:*:*:*:*:*:*:*", "matchCriteriaId": "DD8FCE22-A7C8-4018-BEFE-B1B934230B51", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.21:*:*:*:*:*:*:*", "matchCriteriaId": "7A84BC95-72DD-47E1-A168-EEEAF25AA6D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.21beta:*:*:*:*:*:*:*", "matchCriteriaId": "7591AB90-7E1C-4227-A10C-1589C19D5039", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.22:*:*:*:*:*:*:*", "matchCriteriaId": "801E1543-F8DF-46FB-BDA3-C1FD7AD0B333", "vulnerable": true}, {"criteria": "cpe:2.3:a:yoxel:yoxel:1.22beta:*:*:*:*:*:*:*", "matchCriteriaId": "EFA3C80F-822F-434A-91E2-4618BB74F491", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n \"Eval\" en itpm_estimate.php en Yoxel v1.23beta y versiones anteriores permite a usuarios remotos autenticados ejecutar comandos PHP de su elecci\u00f3n a trav\u00e9s del par\u00e1metor \"proj_id\"."}], "id": "CVE-2008-5071", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-11-14T18:07:59.903", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/4591"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/31448"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45488"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/6606"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/4591"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/31448"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45488"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/6606"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}