CVE-2013-10070— PHP-Charts v1.0 PHP Code Execution
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2013-10070
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PHP-Charts v1.0 PHP Code Execution
Source: NVD (National Vulnerability Database)
Vulnerability Description
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
动态执行代码中指令转义处理不恰当(Eval注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
PHP-Charts 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PHP-Charts是PHP-Charts公司的一个图标生成软件。 PHP-Charts v1.0版本存在安全漏洞,该漏洞源于未清理GET参数,可能导致PHP代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| PHP-Charts | PHP-Charts | 1.0 | - |
II. Public POCs for CVE-2013-10070
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2013-10070
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-95
- CVE-2026-44128
Unauthenticated Remote Code Execution - CVE-2026-42079
PPTAgent: Arbitrary Code Execution via Python eval() of LLM- - CVE-2026-6652
Pagekit CMS StringStorage Template PhpEngine.php evaluate ev - CVE-2026-33618
Chamilo LMS Affected by Remote Code Execution via eval() in - CVE-2026-5971
FoundationAgents MetaGPT XML action_node.py ActionNode.xml_f
V. Comments for CVE-2013-10070
No comments yet