← back
CVE-2012-5223

CVE-2012-5223

EPSS 40.5%
The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/18424unverifiedexploitdbwww.exploit-db.com/exploits/18424unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/78508http://secunia.com/advisories/47699https://exchange.xforce.ibmcloud.com/vulnerabilities/72689http://www.exploit-db.com/exploits/18424http://www.securityfocus.com/bid/51647http://www.vbseo.com/f5/vbseo-security-bulletin-all-supported-versions-patch-release-52783/