CVE-2013-7034 - Vulnerability Details - OpenCVE

The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Livezilla	Livezilla

Configuration 1 [-]

OR	cpe:2.3:a:livezilla:livezilla::::::::
	cpe:2.3:a:livezilla:livezilla:3.1.8.3:::::::*
	cpe:2.3:a:livezilla:livezilla:3.2.0.2:::::::*
	cpe:2.3:a:livezilla:livezilla:4.0.1.0:::::::*
	cpe:2.3:a:livezilla:livezilla:4.0.1.1:::::::*
	cpe:2.3:a:livezilla:livezilla:4.0.1.2:::::::*
	cpe:2.3:a:livezilla:livezilla:4.1.0.3:::::::*
	cpe:2.3:a:livezilla:livezilla:4.1.0.4:::::::*
	cpe:2.3:a:livezilla:livezilla:4.2.0.4:::::::*
	cpe:2.3:a:livezilla:livezilla:4.2.0.5:::::::*
	cpe:2.3:a:livezilla:livezilla:5.0.1.0:::::::*
	cpe:2.3:a:livezilla:livezilla:5.0.1.1:::::::*
	cpe:2.3:a:livezilla:livezilla:5.0.1.2:::::::*
	cpe:2.3:a:livezilla:livezilla:5.0.1.3:::::::*
	cpe:2.3:a:livezilla:livezilla:5.0.1.4:::::::*
	cpe:2.3:a:livezilla:livezilla:5.1.0.0:::::::*
	cpe:2.3:a:livezilla:livezilla:5.1.1.0:::::::*

No data.

References

Link	Providers
http://archives.neohapsis.com/archives/bugtraq/2013-12/0078.html
http://forums.livezilla.net/index.php?/topic/163-livezilla-changelog/
http://www.securityfocus.com/bid/64383
https://exchange.xforce.ibmcloud.com/vulnerabilities/89796

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-05-05T17:00:00

Updated: 2024-08-06T17:53:45.947Z

Reserved: 2013-12-09T00:00:00

Link: CVE-2013-7034

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-05-05T17:06:05.137

Modified: 2025-04-12T10:46:40.837

Link: CVE-2013-7034

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-10T00:00:00", "descriptions": [{"lang": "en", "value": "The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20131214 LiveZilla 5.1.2.0 PHP Object Injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0078.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://forums.livezilla.net/index.php?/topic/163-livezilla-changelog/"}, {"name": "64383", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/64383"}, {"name": "livezilla-cve20137034-xss(89796)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89796"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7034", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20131214 LiveZilla 5.1.2.0 PHP Object Injection", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0078.html"}, {"name": "http://forums.livezilla.net/index.php?/topic/163-livezilla-changelog/", "refsource": "CONFIRM", "url": "http://forums.livezilla.net/index.php?/topic/163-livezilla-changelog/"}, {"name": "64383", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64383"}, {"name": "livezilla-cve20137034-xss(89796)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89796"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:53:45.947Z"}, "title": "CVE Program Container", "references": [{"name": "20131214 LiveZilla 5.1.2.0 PHP Object Injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0078.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://forums.livezilla.net/index.php?/topic/163-livezilla-changelog/"}, {"name": "64383", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/64383"}, {"name": "livezilla-cve20137034-xss(89796)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89796"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7034", "datePublished": "2014-05-05T17:00:00", "dateReserved": "2013-12-09T00:00:00", "dateUpdated": "2024-08-06T17:53:45.947Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:livezilla:livezilla:*:*:*:*:*:*:*:*", "matchCriteriaId": "8685C528-1012-467B-9011-C668ABFF4FF1", "versionEndIncluding": "5.1.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:3.1.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "56789521-4DD0-4FE8-80E4-9D99BDD43551", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:3.2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "8284B387-D399-49D1-921C-414A8B9E6DF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "2D97BE25-92A1-4F57-B433-0650BEC6A714", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "D38AA0A9-D234-4366-BCA2-7E8D44B5AE3C", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "AE5118FB-A7DB-4E40-8B65-F72BA94FADF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C3585416-E7D6-4F2E-974F-6033B1EA493D", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "A015EC43-FEE9-401E-879E-5075E98E7566", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "171BA61E-BC9A-46E7-B69A-CDC01D6B1CC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:4.2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "013B3FB8-47DB-4C27-894E-E837200D267F", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:5.0.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D4F8D1A5-B008-4D92-9522-FD9B82A5C6F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:5.0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "C198E0EB-5E32-4952-9297-BC05C2E8EC77", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:5.0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "E252F349-6B4C-4DD0-B566-6F701F5D639F", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:5.0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "DF76D3A5-3926-40B2-85A2-DF088428CB9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:5.0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "3BF03B88-78BB-447E-A8E3-3053DEAB5BA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:5.1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "5857ABFC-FA81-4D0B-9CF1-EE64422A4B96", "vulnerable": true}, {"criteria": "cpe:2.3:a:livezilla:livezilla:5.1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "26D87246-BC8B-4B74-8565-232422517E93", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie."}, {"lang": "es", "value": "La funci\u00f3n setCookieValue en _lib/functions.global.inc.php en LiveZilla anterior a 5.1.2.1 permite a atacantes remotos ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de un objeto PHP serializado en un cookie."}], "id": "CVE-2013-7034", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-05T17:06:05.137", "references": [{"source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0078.html"}, {"source": "cve@mitre.org", "url": "http://forums.livezilla.net/index.php?/topic/163-livezilla-changelog/"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/64383"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89796"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0078.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://forums.livezilla.net/index.php?/topic/163-livezilla-changelog/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/64383"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89796"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}