CVE-2014-1683

The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://packetstormsecurity.com/files/124948/SkyBlueCanvas-CMS-1.1-r248-03-Command-Injection.html
http://seclists.org/fulldisclosure/2014/Jan/159
http://secunia.com/advisories/56646
http://www.exploit-db.com/exploits/31183
http://www.exploit-db.com/exploits/31432
http://www.securityfocus.com/bid/65129
https://exchange.xforce.ibmcloud.com/vulnerabilities/90670

Configurations

Configuration 1 (hide)

cpe:2.3:a:skybluecanvas:skybluecanvas:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-01-29 18:55

Updated : 2024-02-28 12:20

NVD link : CVE-2014-1683

Mitre link : CVE-2014-1683

CVE.ORG link : CVE-2014-1683

JSON object : View

Products Affected

skybluecanvas

skybluecanvas

CWE

CWE-134

Use of Externally-Controlled Format String

{"id": "CVE-2014-1683", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-01-29T18:55:27.027", "references": [{"url": "http://packetstormsecurity.com/files/124948/SkyBlueCanvas-CMS-1.1-r248-03-Command-Injection.html", "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2014/Jan/159", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/56646", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/31183", "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/31432", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/65129", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90670", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-134"}]}], "descriptions": [{"lang": "en", "value": "The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php."}, {"lang": "es", "value": "La funci\u00f3n bashMail en cms/data/skins/techjunkie/fragments/contacts/functions.php en SkyBlueCanvas CMS en versiones anteriores a 1.1 r248-04, cuando el par\u00e1metro pid es 4, permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres shell en el par\u00e1metro (1) name, (2) email, (3) subject o (4) message en index.php."}], "lastModified": "2017-08-29T01:34:27.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:skybluecanvas:skybluecanvas:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7522B37-C72C-45B7-94B0-31A19AA371EF", "versionEndIncluding": "1.1_r248-03"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}