QwikSec

Security Database

CVE

CWE

Training

CVE-2009-0677

Published: Feb 22, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function with the eval switch, as specified in an element of the patterns array.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_OSVDB

http://ravenphpscripts.com/postt17156.html&sid=12d1201371612260a42fa846ebce7bad

x_refsource_CONFIRM

20090216 [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0

mailing-list

x_refsource_BUGTRAQ

exploit

x_refsource_EXPLOIT-DB

http://www.waraxe.us/advisory-72.html

x_refsource_MISC

ravennuke-avatarlist-code-execution(48789)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.