Unrated severityNVD Advisory· Published Feb 11, 2009· Updated Apr 23, 2026

CVE-2009-0517

Description

Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the fields parameter, which is supplied to an eval function call within the generic function in include/class/tz_env.class. NOTE: some of these details are obtained from third party information.

Affected products

Phpslash/Phpslash11 versions
cpe:2.3:a:phpslash:phpslash:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:phpslash:phpslash:*:*:*:*:*:*:*:*
- cpe:2.3:a:phpslash:phpslash:0.5.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpslash:phpslash:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:phpslash:phpslash:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpslash:phpslash:0.61:*:*:*:*:*:*:*
- cpe:2.3:a:phpslash:phpslash:0.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpslash:phpslash:065:*:*:*:*:*:*:*
- cpe:2.3:a:phpslash:phpslash:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpslash:phpslash:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpslash:phpslash:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpslash:phpslash:0.8.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/33572nvdExploit
secunia.com/advisories/33717nvdVendor Advisory
osvdb.org/51727nvd
www.securityfocus.com/archive/1/500664/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/48441nvd
www.exploit-db.com/exploits/7948nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.055
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000