What is CVE-2013-10070?

CVE-2013-10070 is a vulnerability in Php-charts, classified under Eval Injection. Published 2025-08-05.

Is CVE-2013-10070 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Php-charts

CVE-2013-10070

PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval() without sanitization. A remote attacker can exploit this flaw by crafting a request that i…

EPSS: 0.737 (98.8th percentile) — read the EPSS interpretation.

Affected products

Php-charts — versions 1.0

Weakness classification (CWE)

CWE-95 — Eval Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/u… (exploit)
www.exploit-db.com/exploits/24201 (exploit)
www.exploit-db.com/exploits/24273 (exploit)
web.archive.org/web/20130120234844/http://php-charts.com/ (product)
www.vulncheck.com/advisories/php-charts-php-code-execution (third-party-advisory)

Frequently asked questions

What is CVE-2013-10070?: CVE-2013-10070 is a vulnerability in Php-charts, classified under Eval Injection. Published 2025-08-05.
Is CVE-2013-10070 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.