CVE-2012-5223

high
Published 2012-10-01 · Modified 2026-04-29
CVSS v3
CVSS v2
7.5
VIR risk
7.5

Description

The proc_deutf function in includes/functions_vbseocp_abstract.php in vBSEO 3.5.0, 3.5.1, 3.5.2, 3.6.0, and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" in the char_repl parameter, which is inserted into a regular expression that is processed by the preg_replace function with the eval switch.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.vbseo.com/f5/vbseo-security-bulletin-all-supported-versions-patch-release-52783/

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://secunia.com/advisories/47699

Application impact

Vendor        Product  Versions                   Fixed
crawlability  vbseo    up to and including 3.6.0
crawlability  vbseo    2.0.0
crawlability  vbseo    2.1.0
crawlability  vbseo    2.1.1
crawlability  vbseo    2.2.0
crawlability  vbseo    2.3.0
crawlability  vbseo    2.4.0
crawlability  vbseo    2.4.5
crawlability  vbseo    3.0.0
crawlability  vbseo    3.1.0
crawlability  vbseo    3.2.0
crawlability  vbseo    3.3.0
crawlability  vbseo    3.3.1
crawlability  vbseo    3.5.0
crawlability  vbseo    3.5.1
crawlability  vbseo    3.5.2
crawlability  vbseo    3.6.0

References

CWEs

CWE-94
