CVE-2014-1632

EUVD-2014-1706
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
eventum_projecteventum
𝑥
< 2.3.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4665
http://www.securityfocus.com/archive/1/530891/100/0/threaded
https://bugs.launchpad.net/eventum/+bug/1271499
https://www.htbridge.com/advisory/HTB23198
http://bazaar.launchpad.net/~eventum-developers/eventum/trunk/revision/4665
http://www.securityfocus.com/archive/1/530891/100/0/threaded
https://bugs.launchpad.net/eventum/+bug/1271499
https://www.htbridge.com/advisory/HTB23198