CVE-2013-10070
Description
PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution under the web server's context. The vulnerability allows unauthenticated attackers to execute system-level commands via base64-encoded payloads embedded in parameter names, leading to full compromise of the host system.
Related Vulnerabilities
SEPPmail Secure Email Gateway before version 15.0.2.1 allows unauthenticated remote code execution in the new GINA UI because an endpoint …
A vulnerability, that could result in Remote Code Execution (RCE), has been found in DocsGPT. Due to improper parsing of …
The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' …
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Prior to version 9.14, …
The application contains an insecure 'redirectToUrl' mechanism that incorrectly processes the value of the 'redirectUrlParameter' parameter. The application interprets the …
The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an …