Description

PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.
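As an added illustration, not code from PHP-Charts itself, the following shows the hardened way to read wizard parameters so that no user-controlled GET parameter name can ever reach a dynamic-code sink such as eval(); the function name and the allowlist of parameter names are assumptions.

```php
<?php
// Added example, not PHP-Charts' own code. The record describes a handler that
// builds PHP source from GET parameter *names* and hands it to eval(); this
// version removes the dynamic-code sink entirely and validates names first.

// Hypothetical allowlist of the parameters the wizard is expected to accept.
const WIZARD_PARAMS = ['width', 'height', 'type', 'title'];

/**
 * Collect wizard settings from an input array without generating any code.
 * Only allowlisted names with plain string values are kept; everything
 * else is silently dropped.
 */
function readWizardParams(array $input): array
{
    $settings = [];
    foreach ($input as $name => $value) {
        // PHP turns numeric-string keys into ints, so check the type before
        // matching. Reject any name that is not a short plain identifier
        // before it is used for anything else.
        if (!is_string($name)
            || !preg_match('/^[A-Za-z_][A-Za-z0-9_]{0,31}$/', $name)) {
            continue;
        }
        // Strict allowlist: unknown names are ignored, not interpreted.
        if (!in_array($name, WIZARD_PARAMS, true) || !is_string($value)) {
            continue;
        }
        $settings[$name] = $value;
    }
    return $settings;
}

// The idiom this replaces builds code from the name (eval("\$$name = ...;")).
// Here the values land in an array; no eval(), no variable variables.
$wizard = readWizardParams($_GET);
header('Content-Type: application/json');
echo json_encode($wizard);
```

A request carrying an unexpected or malformed parameter name now simply yields an empty or partial settings array instead of executing anything.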

Status: PUBLISHED | Reserved 2025-08-05 | Published 2025-08-05 | Updated 2026-04-07 | Assigner: VulnCheck

CRITICAL: 10.0 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Product status

Default status: unknown

Version 1.0: affected

Credits

AkaStep (finder)

References

raw.githubusercontent.com/.../unix/webapp/php_charts_exec.rb (exploit)

www.exploit-db.com/exploits/24201 (exploit)

www.exploit-db.com/exploits/24273 (exploit)

web.archive.org/web/20130120234844/http://php-charts.com/ (product)

www.vulncheck.com/advisories/php-charts-php-code-execution (third-party advisory)

cve.org (CVE-2013-10070)

nvd.nist.gov (CVE-2013-10070)