CVE-2014-6721

Pharmaguideline 1.2.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-6721. PoCs published by sagisar1.

AI-analyzed exploit summary This is a functional exploit for CVE-2014-6721 (Shellshock) that crafts a malicious User-Agent header to trigger RCE on a vulnerable CGI script, establishing a reverse shell. The script sets up a listener and sends a crafted GET request to exploit the vulnerability.

Description

The Pharmaguideline (aka com.pharmaguideline) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Exploits (1)

nomisec WORKING POC
by sagisar1 · poc
https://github.com/sagisar1/CVE-2014-6721-exploit-Shellshock

This is a functional exploit for CVE-2014-6721 (Shellshock) that crafts a malicious User-Agent header to trigger RCE on a vulnerable CGI script, establishing a reverse shell. The script sets up a listener and sends a crafted GET request to exploit the vulnerability.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Bash (versions prior to 4.3)
No auth needed
Prerequisites: Vulnerable CGI script accessible via HTTP · Network connectivity to the target · Listener setup on attacker's machine
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/819305
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/582497

Scores

EPSS 0.0066
EPSS Percentile 47.2%

Details

CWE
CWE-310
Status published
Products (1)
pharmaguideline/pharmaguideline 1.2.0
Published Sep 26, 2014
Tracked Since Feb 18, 2026