CVE-2014-1683

SkyBlueCanvas CMS <1.1 r248-04 - RCE

Description

The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/31432
exploitdb WORKING POC VERIFIED
by Scott Parish · text · webapps · php
https://www.exploit-db.com/exploits/31183
metasploit WORKING POC EXCELLENT
by Scott Parish · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/skybluecanvas_exec.rb

Scores

EPSS 0.7784
EPSS Percentile 99.0%

Details

CWE CWE-134
Status published
Products (1)
skybluecanvas/skybluecanvas < 1.1_r248-03
Published Jan 29, 2014
Tracked Since Feb 18, 2026