CVE: Common Vulnerabilities and Exposures

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

alert

Notice: Keyword searching of CVE Records is now available in the search box above. Keywords may include a CVE ID (e.g., CVE-2024-1234), or one or more keywords separated by a space (e.g., authorization, SQL Injection, cross site scripting, etc.). Learn more here.

Expand or collapse notification button

Required CVE Record Information

Description

In iPear, the manual execution of the eval() function can lead to command injection. Only PCs where commands are manually executed via "For Developers" are affected. This function allows executing any PHP code within iPear which may change, damage, or steal data (files) from the PC.

CWE 1 Total

CWE-78: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS 1 Total

Product Status

Versions 2 Total

Default Status: unknown

affected

References 1 Total

https://github.com/yaBobJonez/iPear/security/advisories/GHSA-4xvp-35fx-hjjj
external site

Updated: 2024-08-04

This container includes required additional information provided by the CVE Program for this vulnerability.

References 1 Total

https://github.com/yaBobJonez/iPear/security/advisories/GHSA-4xvp-35fx-hjjj
external site
x_transferred