CVE-2009-0673

high

Description

Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php.

References

https://www.exploit-db.com/exploits/8068

https://exchange.xforce.ibmcloud.com/vulnerabilities/48790

http://www.securityfocus.com/bid/33787

http://www.securityfocus.com/archive/1/500988/100/0/threaded

http://ravenphpscripts.com/postt17156.html

Details

Source: Mitre, NVD

Published: 2009-02-22

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.03563