CVE-2013-10070
PHP-Charts v1.0 PHP Code Execution
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products
PHP-Charts · PHP-Chartspublic PoCs found — 3
cve_referenceraw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/php_charts_exec.rbunverifiedcve_referencewww.exploit-db.com/exploits/24201unverifiedcve_referencewww.exploit-db.com/exploits/24273unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/php_charts_exec.rbhttps://web.archive.org/web/20130120234844/http://php-charts.com/https://www.exploit-db.com/exploits/24201https://www.exploit-db.com/exploits/24273https://www.vulncheck.com/advisories/php-charts-php-code-execution