Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote attackers to execute arbitrary Perl code via (1) Help.pm, (2) International.pm, or (3) WebGUI.pm.
References
Link | Resource |
---|---|
http://www.plainblack.com/getwebgui/advisories/security-exploit-found-in-6.x-versions | Broken Link Patch Vendor Advisory |
http://www.securityfocus.com/bid/14732 | Broken Link Patch Third Party Advisory VDB Entry |
Configurations
History
14 Feb 2024, 16:53
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) http://www.plainblack.com/getwebgui/advisories/security-exploit-found-in-6.x-versions - Broken Link, Patch, Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/14732 - Broken Link, Patch, Third Party Advisory, VDB Entry | |
CWE | CWE-94 | |
First Time |
Plainblack
Plainblack webgui |
|
CPE | cpe:2.3:a:plain_black:webgui:6.6.0:*:*:*:*:*:*:* cpe:2.3:a:plain_black:webgui:6.2:*:*:*:*:*:*:* cpe:2.3:a:plain_black:webgui:6.7.2:*:*:*:*:*:*:* cpe:2.3:a:plain_black:webgui:6.2.5:*:*:*:*:*:*:* cpe:2.3:a:plain_black:webgui:6.2.3:*:*:*:*:*:*:* cpe:2.3:a:plain_black:webgui:5.2.4:*:*:*:*:*:*:* cpe:2.3:a:plain_black:webgui:6.7.0:*:*:*:*:*:*:* cpe:2.3:a:plain_black:webgui:6.4.0:*:*:*:*:*:*:* cpe:2.3:a:plain_black:webgui:6.7.1:*:*:*:*:*:*:* cpe:2.3:a:plain_black:webgui:6.2.1:*:*:*:*:*:*:* cpe:2.3:a:plain_black:webgui:6.2.7:*:*:*:*:*:*:* cpe:2.3:a:plain_black:webgui:6.3.0:*:*:*:*:*:*:* cpe:2.3:a:plain_black:webgui:6.2.6:*:*:*:*:*:*:* cpe:2.3:a:plain_black:webgui:6.2.4:*:*:*:*:*:*:* cpe:2.3:a:plain_black:webgui:6.2.9:*:*:*:*:*:*:* cpe:2.3:a:plain_black:webgui:5.2.3:*:*:*:*:*:*:* cpe:2.3:a:plain_black:webgui:6.2.8:*:*:*:*:*:*:* cpe:2.3:a:plain_black:webgui:6.5.0_beta:*:*:*:*:*:*:* |
cpe:2.3:a:plainblack:webgui:*:*:*:*:*:*:*:* |
Information
Published : 2005-09-07 20:03
Updated : 2024-02-28 10:42
NVD link : CVE-2005-2837
Mitre link : CVE-2005-2837
CVE.ORG link : CVE-2005-2837
JSON object : View
Products Affected
plainblack
- webgui
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')