CVE-2012-3399

Artis.imag Basilic - Improper Input Validation

Title source: rule

Description

Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubywebappsphp

https://www.exploit-db.com/exploits/19631

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by lcashdollar, sinn3r, juan vazquez · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/basilic_diff_exec.rb

View Code ZIP pw:eip

References (7)

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2012-07/0002.html

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2012-07/0043.html

[Exploit] http://www.exploit-db.com/exploits/19631

[Exploit] http://www.securityfocus.com/bid/54234

[Mailing List] http://www.openwall.com/lists/oss-security/2012/07/09/4

[Mailing List] http://www.openwall.com/lists/oss-security/2012/07/10/1

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/76667

Scores

EPSS 0.8549

EPSS Percentile 99.4%

Details

CWE

CWE-20

Status published

Products (1)

artis.imag/basilic 1.5.14

Published Jul 12, 2012

Tracked Since Feb 18, 2026