Security Advisory

CVE-2014-1683

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-01-29 18:00:00

Last updated 2024-08-06 09:50:09

Assigner mitre

State PUBLISHED

Description

The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.

← Browse all CVEs View on cve.org ↗