cbcvebase.
CVE-2013-6719
published 2014-03-06

CVE-2013-6719: delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote…

PriorityP276medium6CVSS 2.0
AVNACMAuSCPIPAP
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
26.63%
97.8th percentile
delivery.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the testconn_host parameter.

Affected

11 ranges
VendorProductVersion rangeFixed in
ibmtealeaf_cx
ibmtealeaf_cx
ibmtealeaf_cx
ibmtealeaf_cx
ibmtealeaf_cx
ibmtealeaf_cx
ibmtealeaf_cx
ibmtealeaf_cx
ibmtealeaf_cx
ibmtealeaf_cx
ibmtealeaf_cx

Detection & IOCsextracted from sources · hover to see the quote

url/delivery.php
path/download.php?log=../../etc/passwd
commandtestconn_host=8.8.8.8 -c 1 ; {cmd} ; ping 8.8.8.8 -c 1
otherperform_action=testconn
port8080
  • Monitor HTTP POST requests to /delivery.php containing shell metacharacters (`;`, `|`, `&`) in the `testconn_host` parameter, which is the injection point for OS command execution.
  • Alert on path traversal attempts via GET requests to /download.php with a `log` parameter containing `../` sequences, indicating exploitation of the companion LFI vulnerability.
  • The exploit defaults to port 8080 for the PCA web console; monitor for attack traffic on this port targeting the IBM Tealeaf CX application paths.
  • ·The exploit notes the CSRF token is not validated by the application, meaning any static or arbitrary CSRF value will be accepted — CSRF protection on this endpoint is non-functional.
  • ·The exploit author notes the vulnerability likely affects all versions prior to 8.8, not just the tested version, broadening the affected scope beyond what may be patched.

CVSS provenance

nvdv2.06.0MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:P
vulncheck6.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.