CVE-2009-0677

RavenNuke 2.30 - Authenticated Remote Code Execution via Your Account Module Avatarlist preg_replace

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0677. PoCs published by waraxe.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in RavenNuke 2.3.0, including remote PHP code execution via uninitialized arrays in 'avatarlist.php' and insecure 'eval()' usage in the 'Your Account' module, SQL injection in the 'Resend_Email' module, and local file detection in 'captcha.php'. It provides technical analysis, vulnerable code fragments, and proof-of-concept test cases.

Description

avatarlist.php in the Your Account module, reached through modules.php, in Raven Web Services RavenNuke 2.30 allows remote authenticated users to execute arbitrary code via PHP sequences in an element of the replacements array, which is processed by the preg_replace function with the eval switch, as specified in an element of the patterns array.

Exploits (1)

exploitdb WRITEUP VERIFIED
by waraxe · textwebappsphp
https://www.exploit-db.com/exploits/8068

This advisory details multiple vulnerabilities in RavenNuke 2.3.0, including remote PHP code execution via uninitialized arrays in 'avatarlist.php' and insecure 'eval()' usage in the 'Your Account' module, SQL injection in the 'Resend_Email' module, and local file detection in 'captcha.php'. It provides technical analysis, vulnerable code fragments, and proof-of-concept test cases.

Classification
Writeup 100%
Attack Type
Rce | Sqli | Info Leak
Complexity
Moderate
Reliability
Reliable
Target: RavenNuke 2.3.0
Auth required
Prerequisites: Attacker must be logged in as a user for some exploits · Admin rights required for certain vulnerabilities
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33787
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33928
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/52007
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/500988/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8068
Various Sources x_refsource_misc
http://www.waraxe.us/advisory-72.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48789

Scores

EPSS 0.0903
EPSS Percentile 94.6%

Details

CWE
CWE-94
Status published
Products (1)
ravenphpscripts/ravennuke 2.30
Published Feb 22, 2009
Tracked Since Feb 18, 2026