Exploitation Summary
EIP tracks 2 public exploits for CVE-2013-10035.
PoCs published by Metasploit, including Metasploit module exploits/multi/http/processmaker_exec.
AI-analyzed exploit summary This Metasploit module exploits an authenticated PHP code execution vulnerability in ProcessMaker Open Source 2.x by leveraging insecure parameter handling in the 'neoclassic' skin. It allows authenticated users to execute arbitrary PHP code via crafted POST requests to vulnerable endpoints.
Description
A code injection vulnerability exists in ProcessMaker Open Source versions 2.x when using the default 'neoclassic' skin. An authenticated user can execute arbitrary PHP code via multiple endpoints, including appFolderAjax.php, casesStartPage_Ajax.php, and cases_SchedulerGetPlugins.php, by supplying crafted POST requests to parameters such as action and params. These endpoints fail to validate user input and directly invoke PHP functions like system() with user-supplied parameters, enabling remote code execution. The vulnerability affects both Linux and Windows installations and is present in default configurations of versions including 2.0.23 through 2.5.1. The vulnerable skin cannot be removed through the web interface, and exploitation requires only valid user credentials.
Exploits (2)
This Metasploit module exploits an authenticated PHP code execution vulnerability in ProcessMaker Open Source 2.x by leveraging insecure parameter handling in the 'neoclassic' skin. It allows authenticated users to execute arbitrary PHP code via crafted POST requests to vulnerable endpoints.
This Metasploit module exploits an authenticated PHP code execution vulnerability in ProcessMaker Open Source 2.x by leveraging a vulnerable 'neoclassic' skin endpoint to execute arbitrary commands. It includes authentication, payload upload, and execution capabilities.
References (5)
Scores
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N