CVE-2013-1349
Os4ed Opensis - Code Injection
Title source: ruleDescription
Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/30471
metasploit
WORKING POC
EXCELLENT
by EgiX, bcoles · rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/opensis_modname_exec.rb
Scores
EPSS
0.7086
EPSS Percentile
98.7%
Details
CWE
CWE-94
Status
published
Products (9)
os4ed/opensis
4.5
os4ed/opensis
4.6
os4ed/opensis
4.7
os4ed/opensis
4.8
os4ed/opensis
4.8.1
os4ed/opensis
4.9
os4ed/opensis
5.0
os4ed/opensis
5.1
os4ed/opensis
5.2
Published
Dec 09, 2013
Tracked Since
Feb 18, 2026