Lucene search

[email protected]CVE-2012-5777

HistoryNov 16, 2012 - 12:55 a.m.

CVE-2012-5777

2012-11-1600:55:01

CWE-94

[email protected]

web.nvd.nist.gov

cve-2012-5777

eval injection

replacelistvars function

template parser

empirecms 6.6

remote code execution

nvd

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.6%

JSON

Eval injection vulnerability in the ReplaceListVars function in the template parser in e/class/connect.php in EmpireCMS 6.6 allows user-assisted remote attackers to execute arbitrary PHP code via a crafted template.

Affected configurations

NVD

Node

phomeempirecmsMatch6.6

CPENameOperatorVersion
phome:empirecmsphome empirecmseq6.6

CPE	Name	Operator	Version
phome:empirecms	phome empirecms	eq	6.6

References

archives.neohapsis.com/archives/bugtraq/2012-11/0027.html

packetstormsecurity.com/files/117902/EmpireCMS-6.6-PHP-Code-Execution.html

packetstormsecurity.org/files/117902/EmpireCMS-6.6-PHP-Code-Execution.html

www.securityfocus.com/bid/56406

exchange.xforce.ibmcloud.com/vulnerabilities/79779

7.9 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.6%

JSON

Related for CVE-2012-5777

cvelist1 nvd1 securityvulns1 prion1 packetstorm1