Description
Eval injection vulnerability in index.php in ClanSys 1.1 allows remote attackers to execute arbitrary PHP code via PHP code in the page parameter, as demonstrated by using an "include" statement that is injected into the eval statement. NOTE: this issue has been described as file inclusion by some sources, but that is just one attack; the primary vulnerability is eval injection.
Exploits (1)
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25976
Exploit x_refsource_misc
http://www.nukedx.com/?getxpl=29
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/431873/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/782
Exploit vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015988
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/25083
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17660
Scores
EPSS
0.1061
EPSS Percentile
93.3%
Details
Status
published
Products (1)
clansys/clansys
1.1
Published
Apr 25, 2006
Tracked Since
Feb 18, 2026