CVE-2009-0673 Information

Description

Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php.

Reference

http://ravenphpscripts.com/postt17156.html http://www.securityfocus.com/archive/1/500988/100/0/threaded http://www.securityfocus.com/bid/33787 http://www.waraxe.us/advisory-72.html https://exchange.xforce.ibmcloud.com/vulnerabilities/48790 https://www.exploit-db.com/exploits/8068