CVE-2009-0820

Published Mar 5, 2009

Last updated a month ago

CVSS info 7.5

Overview

Description: Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 allow remote attackers to execute arbitrary code via (1) the end_date parameter to reserve.php and (2) the start_date and end_date parameters to check.php. NOTE: the start_date/reserve.php vector is already covered by CVE-2008-6132.
Source: cve@mitre.org
NVD status: Deferred

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-94

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:php.brickhost:phpscheduleit:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E82FC990-E9AC-4B43-ABBF-5F40ABF1A80A",
            "versionEndIncluding": "1.2.10"
          },
          {
            "criteria": "cpe:2.3:a:php.brickhost:phpscheduleit:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7290BF1C-6FE1-41E4-BDA0-83DE37386E47"
          },
          {
            "criteria": "cpe:2.3:a:php.brickhost:phpscheduleit:1.0.0rc1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D62D45B-DA45-433C-925A-1040E21FA522"
          },
          {
            "criteria": "cpe:2.3:a:php.brickhost:phpscheduleit:1.0_rc1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "719A1C06-904B-4738-A91F-A10323FB9C05"
          },
          {
            "criteria": "cpe:2.3:a:php.brickhost:phpscheduleit:1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB0C585D-37C7-4995-942E-93BA744B98E7"
          },
          {
            "criteria": "cpe:2.3:a:php.brickhost:phpscheduleit:1.2.0:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA558DC0-AA3C-4E60-8E83-FAFA700F6B63"
          },
          {
            "criteria": "cpe:2.3:a:php.brickhost:phpscheduleit:1.2.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8713ECF3-9DCD-4497-AFC9-46A5E2BC148F"
          },
          {
            "criteria": "cpe:2.3:a:php.brickhost:phpscheduleit:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "461FB24E-23B1-4007-BEC0-F1CB35FA4018"
          },
          {
            "criteria": "cpe:2.3:a:php.brickhost:phpscheduleit:1.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D030A8C7-D749-4DC6-918C-A1D54CEA2BAD"
          },
          {
            "criteria": "cpe:2.3:a:php.brickhost:phpscheduleit:1.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16EDE5F3-3418-42AD-A580-9FD0536A59EA"
          },
          {
            "criteria": "cpe:2.3:a:php.brickhost:phpscheduleit:1.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29C6DA6B-0346-4FB1-A1A9-C54566D0119B"
          },
          {
            "criteria": "cpe:2.3:a:php.brickhost:phpscheduleit:1.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E36FAD8A-FA46-43AB-8409-12D1531FEEB2"
          },
          {
            "criteria": "cpe:2.3:a:php.brickhost:phpscheduleit:1.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D32582C-79F6-4965-AD0C-E3303F3D473C"
          },
          {
            "criteria": "cpe:2.3:a:php.brickhost:phpscheduleit:1.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3B7BC10E-49A1-4F6C-B06E-D51A172C94A9"
          },
          {
            "criteria": "cpe:2.3:a:php.brickhost:phpscheduleit:1.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDB0AC00-F7E5-4080-99EF-A70ABB67C661"
          },
          {
            "criteria": "cpe:2.3:a:php.brickhost:phpscheduleit:1.2.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6AE62D0-76B5-4E28-B243-DAD69EB0DA24"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References