CVE-2012-3399
published 2012-07-12

CVE-2012-3399: Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.

Priority: P273 · Severity: high · CVSS 2.0 base score: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: public exploit available
EPSS: 65.32% (99.2th percentile)

Affected (1 range)

Vendor      Product   Version range   Fixed in
artis.imag  basilic   -               -

Detection & IOCs (extracted from sources)

path: /Config/diff.php
url: /basilic-1.5.14/Config/diff.php
command: GET /basilic-1.5.14/Config/diff.php?file=&<PAYLOAD>+%23&new=1&old=2
  • Detect GET requests to Config/diff.php where the 'file' parameter contains shell metacharacters such as '&' or '#', indicative of command injection attempts.
  • Monitor for HTTP GET requests to /Config/diff.php with the 'file' parameter containing '&' followed by a command and a trailing '#' space-comment pattern (e.g., file=&<cmd>+#).
  • The exploit requires no authentication; alert on unauthenticated access to Config/diff.php with suspicious 'file', 'new', and 'old' query parameters.
  • The Metasploit module defaults to the path '/basilic-1.5.14/' as the base URI; real-world deployments may use a different base path, requiring adjustment of detection signatures.
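The detection points above can be turned into a small log scanner. The following is an added example written for this page, not code from the advisory, from Basilic or from the Metasploit module; the log lines are constructed and the client addresses are documentation-range placeholders. It matches on the path suffix `/Config/diff.php` so the base path does not matter, and it deliberately does not rely on a query-string parser: because the injected `&` in `file=&<cmd>+%23` is itself a parameter separator, `parse_qs` would report an empty `file` value and hide the payload. Instead it walks the raw segments and re-attaches any segment that is not a `key=` pair to the preceding `file` value before looking for metacharacters.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access-log lines (Apache common log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Jul/2012:10:00:01 +0000] "GET /basilic-1.5.14/Config/diff.php?file=&id+%23&new=1&old=2 HTTP/1.1" 200 512
203.0.113.6 - - [12/Jul/2012:10:00:02 +0000] "GET /basilic-1.5.14/Config/diff.php?file=README&new=1&old=2 HTTP/1.1" 200 2048
203.0.113.7 - - [12/Jul/2012:10:00:03 +0000] "GET /intranet/Config/diff.php?file=a.txt%3Bid&new=1&old=2 HTTP/1.1" 200 128
203.0.113.8 - - [12/Jul/2012:10:00:04 +0000] "GET /index.php?file=&id+%23 HTTP/1.1" 404 64
"""

# Pull the client address and the request line out of a common-log-format record.
LOG_RE = re.compile(r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A query segment that looks like a legitimate key=value pair.
KV_RE = re.compile(r"^[A-Za-z0-9_.\[\]-]+=")
# Characters that have no business in a file name passed to a diff tool.
SHELL_META = set(";|`$#&\n")


def extract_file_param(query):
    """Return the raw 'file' value, re-joining segments that an injected '&' split off.

    Returns None when the query has no 'file' parameter at all.
    """
    segments = query.split("&")
    for i, seg in enumerate(segments):
        if not seg.startswith("file="):
            continue
        value_parts = [seg[len("file="):]]
        # Anything after 'file=' that is not a key=value pair belongs to the payload.
        for nxt in segments[i + 1:]:
            if KV_RE.match(nxt):
                break
            value_parts.append(nxt)
        return "&".join(value_parts)
    return None


def analyze_request(target):
    """Inspect one request target; None if it is not a diff.php request with a 'file' param."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/config/diff.php"):
        return None
    raw = extract_file_param(parts.query)
    if raw is None:
        return None
    file_value = unquote_plus(raw)  # '+' -> space, %23 -> '#', %3B -> ';'
    metachars = sorted({c for c in file_value if c in SHELL_META})
    return {
        "path": parts.path,
        "file": file_value,
        "metachars": metachars,
        "suspicious": bool(metachars),
    }


def scan_log(text):
    """Return one finding per log line whose 'file' parameter carries shell metacharacters."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        result = analyze_request(m.group("target"))
        if result and result["suspicious"]:
            result["client"] = m.group("client")
            findings.append(result)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['client']} {f['path']} file={f['file']!r} metachars={f['metachars']}")
```

Of the four constructed lines, the first (the Metasploit-style `&<cmd>+%23` shape) and the third (a `;` smuggled in as `%3B`) are reported; the benign `file=README` request and the request to an unrelated script are not. Matching on the path suffix rather than on `/basilic-1.5.14/` addresses the base-path caveat in the last bullet.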