Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2012-5223
HistoryOct 01, 2012 - 8:55 p.m.

CVE-2012-5223

2012-10-0120:55:03
CWE-94
[email protected]
web.nvd.nist.gov
15
cve-2012-5223
nvd
vbseo
php
remote code execution
security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.924 High

EPSS

Percentile

99.0%

JSON

The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via “complex curly syntax” in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.

Affected configurations

NVD
Node
crawlabilityvbseoRange3.6.0
OR
crawlabilityvbseoMatch2.0.0
OR
crawlabilityvbseoMatch2.1.0
OR
crawlabilityvbseoMatch2.1.1
OR
crawlabilityvbseoMatch2.2.0
OR
crawlabilityvbseoMatch2.3.0
OR
crawlabilityvbseoMatch2.4.0
OR
crawlabilityvbseoMatch2.4.5
OR
crawlabilityvbseoMatch3.0.0
OR
crawlabilityvbseoMatch3.0.0rc2
OR
crawlabilityvbseoMatch3.0.0rc3
OR
crawlabilityvbseoMatch3.0.0rc4
OR
crawlabilityvbseoMatch3.0.0rc5
OR
crawlabilityvbseoMatch3.0.0rc6
OR
crawlabilityvbseoMatch3.1.0
OR
crawlabilityvbseoMatch3.2.0
OR
crawlabilityvbseoMatch3.2.0rc4
OR
crawlabilityvbseoMatch3.2.0rc5
OR
crawlabilityvbseoMatch3.2.0rc7
OR
crawlabilityvbseoMatch3.2.0rc8
OR
crawlabilityvbseoMatch3.3.0
OR
crawlabilityvbseoMatch3.3.0rc1
OR
crawlabilityvbseoMatch3.3.0rc2
OR
crawlabilityvbseoMatch3.3.1
OR
crawlabilityvbseoMatch3.5.0
OR
crawlabilityvbseoMatch3.5.0beta1
OR
crawlabilityvbseoMatch3.5.0beta2
OR
crawlabilityvbseoMatch3.5.0rc1
OR
crawlabilityvbseoMatch3.5.0rc2
OR
crawlabilityvbseoMatch3.5.0rc3
OR
crawlabilityvbseoMatch3.5.1
OR
crawlabilityvbseoMatch3.5.2
OR
crawlabilityvbseoMatch3.6.0beta1
OR
crawlabilityvbseoMatch3.6.0rc1
OR
crawlabilityvbseoMatch3.6.0rc2

Related

cvelist 1
dsquare 1
checkpoint_advisories 1
prion 1
openvas 2
nvd 1
cvelist
cvelist
CVE-2012-5223
2012-10-01 20:00:00
dsquare
dsquare
vBSEO 3.6.0 RCE
2012-01-31 00:00:00
checkpoint_advisories
checkpoint_advisories
vBSEO Remote PHP Code Injection (CVE-2012-5223)
2013-06-06 00:00:00
prion
prion
Code injection
2012-10-01 20:55:00
openvas
openvas
vBSEO 'proc_deutf()' Remote Code Execution Vulnerability
2012-01-31 00:00:00
vBSEO 'proc_deutf()' RCE Vulnerability
2012-01-31 00:00:00
nvd
nvd
CVE-2012-5223
2012-10-01 20:55:03

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.6 High

AI Score

Confidence

Low

0.924 High

EPSS

Percentile

99.0%

JSON
Related for CVE-2012-5223
cvelist1dsquare1checkpoint_advisories1prion1openvas2nvd1