CVE-2014-1632
HIGHEventum <2.3.5 - Command Injection
Title source: llmDescription
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.
Exploits (1)
References (4)
Scores
CVSS v3
8.1
EPSS
0.1690
EPSS Percentile
95.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-275
Status
published
Products (1)
eventum_project/eventum
< 2.3.5
Published
Jan 31, 2018
Tracked Since
Feb 18, 2026