CVE-2007-5693

Properties

Published:
28.10.2007
Updated:
31.10.2007
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:M/Au:S/C:P/I:P/A:P)
Product:
SiteBar: SiteBar

Vulnerability description

Eval injection vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492.

References:

BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/482499/100/0/threaded
http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup: http://teamforge.net/viewcvs/viewcvs.cgi/tags/release-3.3.9/doc/history.txt?view=markup
BID: http://www.securityfocus.com/bid/26126