CVE-2014-1683

Published: 29/01/2014 Updated: 29/08/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 690
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS prior to 1.1 r248-04, when the pid parameter is 4, allows remote malicious users to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.

Vulnerable Product

skybluecanvas skybluecanvas

Exploits

    ##
    # This module requires Metasploit: http//metasploit.com/download
    # Current source: github.com/rapid7/metasploit-framework
    ##
    require 'msf/core'
    class Metasploit3 < Msf::Exploit::Remote
      Rank = ExcellentRanking
      include Msf::Exploit::Remote::HttpClient
      def initialize(info={})
        super(update_info(info, 'Name' = ...

Vulnerability in SkyBlueCanvas CMS
Vulnerability Type: Remote Command Injection
Version Affected: 1.1 r248-03 (and probably prior versions)
Discovered by: Scott Parish - Center for Internet Security
Vendor Information: SkyBlueCanvas is an easy-to-use Web Content Management System, that makes it simple to keep the content of your site fresh. Yo ...