CVE-2012-5223 Information
Description
The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.
Reference
http://osvdb.org/78508
http://secunia.com/advisories/47699
http://www.exploit-db.com/exploits/18424
http://www.securityfocus.com/bid/51647
http://www.vbseo.com/f5/vbseo-security-bulletin-all-supported-versions-patch-release-52783/
https://exchange.xforce.ibmcloud.com/vulnerabilities/72689