desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the _SESSION variable before calling the session_start function, which allows remote attackers to execute arbitrary PHP code and possibly conduct other attacks by modifying critical assumed-immutable variables, as demonstrated using PHP code in the _SESSION[apps][eyeOptions.eyeapp][wrapup] variable.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Eyeos | Eyeos_project | 0.8 (including) | 0.8 (including) |
Eyeos | Eyeos_project | 0.8.1 (including) | 0.8.1 (including) |
Eyeos | Eyeos_project | 0.8.1_r1 (including) | 0.8.1_r1 (including) |
Eyeos | Eyeos_project | 0.8.2 (including) | 0.8.2 (including) |
Eyeos | Eyeos_project | 0.8.2_r1 (including) | 0.8.2_r1 (including) |
Eyeos | Eyeos_project | 0.8.2_r2 (including) | 0.8.2_r2 (including) |
Eyeos | Eyeos_project | 0.8.2_r3 (including) | 0.8.2_r3 (including) |
Eyeos | Eyeos_project | 0.8.3 (including) | 0.8.3 (including) |
Eyeos | Eyeos_project | 0.8.3_r1 (including) | 0.8.3_r1 (including) |
Eyeos | Eyeos_project | 0.8.3_r2 (including) | 0.8.3_r2 (including) |
Eyeos | Eyeos_project | 0.8.4 (including) | 0.8.4 (including) |
Eyeos | Eyeos_project | 0.8.4_r1 (including) | 0.8.4_r1 (including) |
Eyeos | Eyeos_project | 0.8.5 (including) | 0.8.5 (including) |
Eyeos | Eyeos_project | 0.8.5_r1 (including) | 0.8.5_r1 (including) |
Eyeos | Eyeos_project | 0.8.6 (including) | 0.8.6 (including) |
Eyeos | Eyeos_project | 0.8.7 (including) | 0.8.7 (including) |
Eyeos | Eyeos_project | 0.8.8 (including) | 0.8.8 (including) |
Eyeos | Eyeos_project | 0.8.9 (including) | 0.8.9 (including) |