Unrated severityNVD Advisory· Published Mar 24, 2005· Updated Apr 16, 2026

CVE-2005-0887

Description

Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement.

Affected products

Michael Dean/Double Choco Latte4 versions
cpe:2.3:a:michael_dean:double_choco_latte:0.9.3:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:michael_dean:double_choco_latte:0.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:michael_dean:double_choco_latte:0.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:michael_dean:double_choco_latte:0.9.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:michael_dean:double_choco_latte:0.9.4.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/14688nvdPatchVendor Advisory
securitytracker.com/idnvdPatchVendor Advisory
sourceforge.net/project/shownotes.phpnvdPatchVendor Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/19806nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000