CVE-2005-2837

Published: Sep 7, 2005Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote attackers to execute arbitrary Perl code via (1) Help.pm, (2) International.pm, or (3) WebGUI.pm.

Affected (1)

Products: Plainblack: Webgui

Plainblack

1 product

Webgui

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Plainblack Webgui	Before 6.7.3

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (4)

http://www.plainblack.com/getwebgui/advisories/security-exploit-found-in-6.x-versions

Source: cve@mitre.org

Broken LinkPatchVendor Advisory

http://www.securityfocus.com/bid/14732

Source: cve@mitre.org

Broken LinkPatchThird Party AdvisoryVDB Entry

http://www.plainblack.com/getwebgui/advisories/security-exploit-found-in-6.x-versions

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkPatchVendor Advisory

http://www.securityfocus.com/bid/14732

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkPatchThird Party AdvisoryVDB Entry

Timeline

No history available yet.