CVE-2012-5223

The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.
Code Injection
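| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.5 UNKNOWN | NETWORK | LOW | | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |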
EPSS Score: Percentile: 99%
| Vendor | Product | Version |
|---|---|---|
| crawlability | vbseo | 𝑥 ≤ 3.6.0 |
| crawlability | vbseo | 2.0.0 |
| crawlability | vbseo | 2.1.0 |
| crawlability | vbseo | 2.1.1 |
| crawlability | vbseo | 2.2.0 |
| crawlability | vbseo | 2.3.0 |
| crawlability | vbseo | 2.4.0 |
| crawlability | vbseo | 2.4.5 |
| crawlability | vbseo | 3.0.0 |
| crawlability | vbseo | 3.0.0:rc2 |
| crawlability | vbseo | 3.0.0:rc3 |
| crawlability | vbseo | 3.0.0:rc4 |
| crawlability | vbseo | 3.0.0:rc5 |
| crawlability | vbseo | 3.0.0:rc6 |
| crawlability | vbseo | 3.1.0 |
| crawlability | vbseo | 3.2.0 |
| crawlability | vbseo | 3.2.0:rc4 |
| crawlability | vbseo | 3.2.0:rc5 |
| crawlability | vbseo | 3.2.0:rc7 |
| crawlability | vbseo | 3.2.0:rc8 |
| crawlability | vbseo | 3.3.0 |
| crawlability | vbseo | 3.3.0:rc1 |
| crawlability | vbseo | 3.3.0:rc2 |
| crawlability | vbseo | 3.3.1 |
| crawlability | vbseo | 3.5.0 |
| crawlability | vbseo | 3.5.0:beta1 |
| crawlability | vbseo | 3.5.0:beta2 |
| crawlability | vbseo | 3.5.0:rc1 |
| crawlability | vbseo | 3.5.0:rc2 |
| crawlability | vbseo | 3.5.0:rc3 |
| crawlability | vbseo | 3.5.1 |
| crawlability | vbseo | 3.5.2 |
| crawlability | vbseo | 3.6.0:beta1 |
| crawlability | vbseo | 3.6.0:rc1 |
| crawlability | vbseo | 3.6.0:rc2 |

𝑥 = Vulnerable software versions