Score
9.8
Critical
Publication date
27-06-2017
Affected versions
- Up to and including 4.8.27
- Versions from 5.0.0 up to but not including 5.6.3
Description
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "
References
Metrics
| cvssMetricV31 | | |
|---|---|---|
| source | nvd@nist.gov | 134c704f-9b21-4f2e-91b3-4a467353bcc0 |
| type | Primary | Secondary |
| version | 3.1 | 3.1 |
| vectorString | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| baseScore | 9.8 | 9.8 |
| baseSeverity | CRITICAL | CRITICAL |
| attackVector | NETWORK | NETWORK |
| attackComplexity | LOW | LOW |
| privilegesRequired | NONE | NONE |
| userInteraction | NONE | NONE |
| scope | UNCHANGED | UNCHANGED |
| confidentialityImpact | HIGH | HIGH |
| integrityImpact | HIGH | HIGH |
| availabilityImpact | HIGH | HIGH |
| exploitabilityScore | 3.9 | 3.9 |
| impactScore | 5.9 | 5.9 |

| cvssMetricV2 | |
|---|---|
| source | nvd@nist.gov |
| type | Primary |
| version | 2.0 |
| vectorString | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| baseScore | 7.5 |
| accessVector | NETWORK |
| accessComplexity | LOW |
| authentication | NONE |
| confidentialityImpact | PARTIAL |
| integrityImpact | PARTIAL |
| availabilityImpact | PARTIAL |
| baseSeverity | HIGH |
| exploitabilityScore | 10 |
| impactScore | 6.4 |
| acInsufInfo | False |
| obtainAllPrivilege | False |
| obtainUserPrivilege | False |
| obtainOtherPrivilege | False |
| userInteractionRequired | False |