Description
Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel 1.23beta and earlier allow remote authenticated users to execute arbitrary PHP code via the proj_id parameter.
Exploits (1)
References (4)
Core 4
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4591
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/6606
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31448
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45488
Scores
EPSS
0.0406
EPSS Percentile
88.6%
Details
CWE
CWE-94
Status
published
Products (21)
yoxel/yoxel
1.06beta
yoxel/yoxel
1.07beta
yoxel/yoxel
1.08beta
yoxel/yoxel
1.09beta
yoxel/yoxel
1.10beta
yoxel/yoxel
1.11beta
yoxel/yoxel
1.12beta
yoxel/yoxel
1.13beta
yoxel/yoxel
1.14beta
yoxel/yoxel
1.15beta
... and 11 more
Published
Nov 14, 2008
Tracked Since
Feb 18, 2026