FKIE_CVE-2008-5071

Vulnerability from fkie_nvd - Published: 2008-11-14 18:07 - Updated: 2026-04-23 00:35
Severity ?
Summary
Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter.
References
cve@mitre.orghttp://securityreason.com/securityalert/4591
cve@mitre.orghttp://www.securityfocus.com/bid/31448Exploit
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/45488
cve@mitre.orghttps://www.exploit-db.com/exploits/6606
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/4591
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/31448Exploit
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/45488
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/6606
Impacted products
Vendor Product Version
yoxel yoxel *
yoxel yoxel 1.06beta
yoxel yoxel 1.07beta
yoxel yoxel 1.08beta
yoxel yoxel 1.09beta
yoxel yoxel 1.10beta
yoxel yoxel 1.11beta
yoxel yoxel 1.12beta
yoxel yoxel 1.13beta
yoxel yoxel 1.14beta
yoxel yoxel 1.15beta
yoxel yoxel 1.16beta
yoxel yoxel 1.17beta
yoxel yoxel 1.18beta
yoxel yoxel 1.19beta
yoxel yoxel 1.20
yoxel yoxel 1.20beta
yoxel yoxel 1.21
yoxel yoxel 1.21beta
yoxel yoxel 1.22
yoxel yoxel 1.22beta
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A647E3D4-B88A-4D99-B813-93BB560DD025",
              "versionEndIncluding": "1.23beta",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.06beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "989E177E-98D6-45B9-9434-0C8DFAE34FA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.07beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD7A2FCA-B9AE-4F78-A21E-3DAC06DA4DD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.08beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A62DC39-FCC8-4DB6-8E66-81E98B3B8F78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.09beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "A09AE305-69C3-4893-8189-9EEBA53FD198",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.10beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE19C5E7-2676-4422-9048-58F12F43EF2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.11beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EDFA99B-847D-4F04-A8E0-28C5538EE35B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.12beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC573FA-91A4-440F-B146-0A8FA0165549",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.13beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD9AD51C-28EE-47E0-A2D2-225E3388294A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.14beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E71B78B-211E-40C7-AC8E-BFF0B36E512D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.15beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BC91E52-5013-43D4-BF42-CB2A914E8358",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.16beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "767EAEBB-D2E9-47B1-91BD-94E60DFF0CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.17beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CECE0CC-038D-4E62-8E1A-3C723042FBD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.18beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A01DDD-1D24-4447-A14D-53088AA16848",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.19beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "339C69F5-5B86-436D-9393-E11F100BE1FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "724ECAA0-1CD8-4628-9363-DBE4C7CD064B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.20beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD8FCE22-A7C8-4018-BEFE-B1B934230B51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A84BC95-72DD-47E1-A168-EEEAF25AA6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.21beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "7591AB90-7E1C-4227-A10C-1589C19D5039",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "801E1543-F8DF-46FB-BDA3-C1FD7AD0B333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:yoxel:yoxel:1.22beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFA3C80F-822F-434A-91E2-4618BB74F491",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n \"Eval\" en itpm_estimate.php en Yoxel v1.23beta y versiones anteriores permite a usuarios remotos autenticados ejecutar comandos PHP de su elecci\u00f3n a trav\u00e9s del par\u00e1metor \"proj_id\"."
    }
  ],
  "id": "CVE-2008-5071",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-11-14T18:07:59.903",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/4591"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/31448"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45488"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.exploit-db.com/exploits/6606"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/4591"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/31448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.exploit-db.com/exploits/6606"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.