The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS prior to 1.1 r248-04, when the pid parameter is 4, allows remote malicious users to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
skybluecanvas skybluecanvas |