CVE-2013-10070

PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.

CVSS

No CVSS.

References

Link	Resource
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/php_charts_exec.rb
https://web.archive.org/web/20130120234844/http://php-charts.com/
https://www.exploit-db.com/exploits/24201
https://www.exploit-db.com/exploits/24273
https://www.vulncheck.com/advisories/php-charts-php-code-execution
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/php_charts_exec.rb
https://www.exploit-db.com/exploits/24273
https://www.exploit-db.com/exploits/24201

Configurations

No configuration.

History

05 Aug 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-05 20:15

Updated : 2025-08-07 16:15

NVD link : CVE-2013-10070

Mitre link : CVE-2013-10070

JSON object : View

Products Affected

No product.

CWE

No CWE.

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/php_charts_exec.rb", "name": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/php_charts_exec.rb", "tags": [], "refsource": ""}, {"url": "https://web.archive.org/web/20130120234844/http://php-charts.com/", "name": "https://web.archive.org/web/20130120234844/http://php-charts.com/", "tags": [], "refsource": ""}, {"url": "https://www.exploit-db.com/exploits/24201", "name": "https://www.exploit-db.com/exploits/24201", "tags": [], "refsource": ""}, {"url": "https://www.exploit-db.com/exploits/24273", "name": "https://www.exploit-db.com/exploits/24273", "tags": [], "refsource": ""}, {"url": "https://www.vulncheck.com/advisories/php-charts-php-code-execution", "name": "https://www.vulncheck.com/advisories/php-charts-php-code-execution", "tags": [], "refsource": ""}, {"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/php_charts_exec.rb", "name": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/unix/webapp/php_charts_exec.rb", "tags": [], "refsource": ""}, {"url": "https://www.exploit-db.com/exploits/24273", "name": "https://www.exploit-db.com/exploits/24273", "tags": [], "refsource": ""}, {"url": "https://www.exploit-db.com/exploits/24201", "name": "https://www.exploit-db.com/exploits/24201", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-10070", "ASSIGNER": "disclosure@vulncheck.com"}}, "impact": {}, "publishedDate": "2025-08-05T20:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-07T16:15Z"}