CVE-2014-1683

The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/65129
http://seclists.org/fulldisclosure/2014/Jan/159
http://www.exploit-db.com/exploits/31183
http://secunia.com/advisories/56646
http://packetstormsecurity.com/files/124948/SkyBlueCanvas-CMS-1.1-r248-03-Command-Injection.html
http://www.exploit-db.com/exploits/31432
https://exchange.xforce.ibmcloud.com/vulnerabilities/90670

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:skybluecanvas:skybluecanvas:*:*:*:*:*:*:*:*

Information

Published : 2014-01-29 10:55

Updated : 2017-08-28 18:34

NVD link : CVE-2014-1683

Mitre link : CVE-2014-1683

JSON object : View

CWE

CWE-134

Use of Externally-Controlled Format String

Advertisement

Products Affected

skybluecanvas

skybluecanvas

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/65129", "name": "65129", "tags": [], "refsource": "BID"}, {"url": "http://seclists.org/fulldisclosure/2014/Jan/159", "name": "20140123 Remote Command Injection Vulnerability in SkyBlueCanvas CMS", "tags": [], "refsource": "FULLDISC"}, {"url": "http://www.exploit-db.com/exploits/31183", "name": "31183", "tags": [], "refsource": "EXPLOIT-DB"}, {"url": "http://secunia.com/advisories/56646", "name": "56646", "tags": [], "refsource": "SECUNIA"}, {"url": "http://packetstormsecurity.com/files/124948/SkyBlueCanvas-CMS-1.1-r248-03-Command-Injection.html", "name": "http://packetstormsecurity.com/files/124948/SkyBlueCanvas-CMS-1.1-r248-03-Command-Injection.html", "tags": [], "refsource": "MISC"}, {"url": "http://www.exploit-db.com/exploits/31432", "name": "31432", "tags": [], "refsource": "EXPLOIT-DB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90670", "name": "skybluecanvas-index-command-exec(90670)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-134"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-1683", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2014-01-29T18:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:skybluecanvas:skybluecanvas:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.1_r248-03"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-29T01:34Z"}