CRITICAL🇵🇱 Wersja polska

CVE-2013-10070

CVSS 10.0v4.0pub. 2025-08-05upd. 2026-04-15

PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.

🤖 AI Analysis
How it works

The vulnerability (CWE-95 — Improper Neutralization of Directives in Dynamically Evaluated Code) lies in the fact that the wizard/url.php script retrieves parameter names from the GET request and passes them directly to the PHP eval() function. An attacker can embed arbitrary PHP code in the parameter name, e.g., a base64-encoded payload containing system commands. Upon receiving the request, the web server executes the injected code in its own context without any verification of the requester's identity.

Impact

An unauthorized remote attacker can execute arbitrary system commands with the privileges of the web server process, leading to complete takeover of the system hosting the application, including data, configuration, and other resources accessible from the server level.

Mitigation & patch

Immediately remove or isolate PHP-Charts v1.0 from production environments. Apply patches available from the vendor according to references. As a temporary measure, block access to the wizard/url.php file at the firewall or web server configuration level and restrict the ability to execute external commands by the web server process.

Who is affected

PHP-Charts version 1.0 (wizard/url.php file)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEAuth Bypass
CWE
References