CVE-2013-1349

openSIS 4.5-5.2 - Remote Code Execution via ajax.php modname Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-1349. PoCs published by Metasploit, EgiX, bcoles, including Metasploit module exploits/unix/webapp/opensis_modname_exec.

AI-analyzed exploit summary This Metasploit module exploits a PHP code execution vulnerability in OpenSIS (CVE-2013-1349) by leveraging an unsafe `eval()` call in `ajax.php` with user-controlled input from the `modname` parameter. It authenticates, injects base64-encoded payloads, and executes arbitrary commands via PHP functions like `system()` or `exec()`.

Description

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotelinux
https://www.exploit-db.com/exploits/30471

This Metasploit module exploits a PHP code execution vulnerability in OpenSIS (CVE-2013-1349) by leveraging an unsafe `eval()` call in `ajax.php` with user-controlled input from the `modname` parameter. It authenticates, injects base64-encoded payloads, and executes arbitrary commands via PHP functions like `system()` or `exec()`.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: OpenSIS 4.5 to 5.2
Auth required
Prerequisites: Valid OpenSIS credentials · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC EXCELLENT
by EgiX, bcoles · rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/opensis_modname_exec.rb

This Metasploit module exploits a PHP code execution vulnerability in OpenSIS versions 4.5 to 5.2 by leveraging an unsafe `eval()` call in `ajax.php` with user-controlled input from the `modname` parameter. It authenticates as a user, then injects arbitrary PHP code to achieve remote command execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: OpenSIS 4.5 to 5.2
Auth required
Prerequisites: Valid OpenSIS credentials · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Patch x_refsource_misc
http://sourceforge.net/p/opensis-ce/code/1009
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55913
Exploit x_refsource_misc
http://karmainsecurity.com/KIS-2013-10

Scores

EPSS 0.7086
EPSS Percentile 98.7%

Details

CWE
CWE-94
Status published
Products (9)
os4ed/opensis 4.5
os4ed/opensis 4.6
os4ed/opensis 4.7
os4ed/opensis 4.8
os4ed/opensis 4.8.1
os4ed/opensis 4.9
os4ed/opensis 5.0
os4ed/opensis 5.1
os4ed/opensis 5.2
Published Dec 09, 2013
Tracked Since Feb 18, 2026