CVE-2013-10070

· Published 05/08/2025 20:15 · Modified 05/08/2025 21:06

Labels: CVE-2013-10070, 2025-08-05, CWE-95, [email protected]

Essential information

Published: 05/08/2025 20:15
Modified: 05/08/2025 21:06
CVSS: 10.0 CRITICAL (v3), 10.0 CRITICAL (v4.0)
CISA KEV: No

Description

PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.

NVD status

Status: Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source: [email protected]

Affected products (CPE)

Product: php-charts / php-charts
CPE: cpe:2.3:a:php-charts:php-charts:1.0:*:*:*:*:*:*:*
