cvedb.io
CVE-2018-19290
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-11-30T18:29:00.567 · Last modified 2026-06-17T01:49:05.063

Summary

In modules/HELPBOT_MODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in a denial of service or possibly unspecified other impact, as demonstrated by the "!calc 5 x 5" command. In versions before 3.0, modules/HELPBOT_MODULE/calc.php has the vulnerable code; in 3.0 and above, modules/HELPBOT_MODULE/HelpbotController.class.php has the vulnerable code.

Affected products

budabot — budabot

Does this affect you?

Add your gear to cvedb and we'll alert you only when budabot ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.