Description
Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by GulfTech Security · text · webapps · php
https://www.exploit-db.com/exploits/25271
References (4)
Core References
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/14688
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19806
Patch, Vendor Advisory vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1013559
Patch, Vendor Advisory x_refsource_confirm
http://sourceforge.net/project/shownotes.php?release_id=315144
Scores
EPSS
0.0711
EPSS Percentile
91.6%
Details
Status
published
Products (4)
michael_dean/double_choco_latte 0.9.3
michael_dean/double_choco_latte 0.9.4
michael_dean/double_choco_latte 0.9.4.2
michael_dean/double_choco_latte 0.9.4.3
Published
Mar 24, 2005
Tracked Since
Feb 18, 2026