CVE-2014-1683
published 2014-01-29CVE-2014-1683: The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4…
PriorityP262medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
31.41%
98.1th percentile
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| skybluecanvas | skybluecanvas | <= 1.1_r248-03 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect POST requests to index.php with query parameter pid=4 containing shell metacharacters (e.g., semicolons, quotes) in the name, email, subject, or message fields. ↗
- →The vulnerability is a blind command injection — no output is returned in the HTTP response. Monitor for anomalous outbound network activity (e.g., ICMP ping, netcat connections) originating from the web server process following POST requests to index.php?pid=4. ↗
- →Flag HTTP responses whose body matches the pattern '[1.1 r248]' as potentially vulnerable SkyBlueCanvas instances, consistent with the Metasploit check method. ↗
- →The exploit sends a POST to index.php with vars_get pid=4 and vars_post including cid=3 and action=Send alongside the injected name field. Alert on this specific parameter combination. ↗
- ·The injection is only reachable when the pid parameter equals 4 (the Contact page). Other pid values do not trigger the vulnerable bashMail code path. ↗
- ·The vulnerability is exploitable by unauthenticated remote users; no credentials are required to reach the contact form. ↗
- ·Commands execute in the context of the web server process (not necessarily root), limiting but not eliminating impact. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Skybluecanvas CMS - Remote Code Execution (Metasploit)
exploitdb·2014-02-05
CVE-2014-1683 Skybluecanvas CMS - Remote Code Execution (Metasploit)
Skybluecanvas CMS - Remote Code Execution (Metasploit)
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'SkyBlueCanvas CMS Remote Code Execution',
'Description' => %q{
This module exploits an arbitrary command execution vulnerability
in SkyBlueCanvas CMS version 1.1 r248-03 and below.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Scott Parish', # Vulnerability discovery and exploit
'xistence ' # Metasploit Module
],
'References' =>
[
['CVE', '2014-1683'],
['OSVDB', '102586'],
['BID', '65129'],
['EDB', '31183'],
['URL', 'http://packetstormsecurity.com/files/124948/SkyBlueCanvas-CMS-1.1-r248-03-Command-Injection.html']
],
'Privileged' => false,
'Payload' =>
{
# Ar
Exploit-DB
Skybluecanvas CMS 1.1 r248-03 - Remote Command Execution
exploitdb·2014-01-24
CVE-2014-1683 Skybluecanvas CMS 1.1 r248-03 - Remote Command Execution
Skybluecanvas CMS 1.1 r248-03 - Remote Command Execution
---
Vulnerability in SkyBlueCanvas CMS
Vulnerability Type:
Remote Command Injection
Version Affected:
1.1 r248-03 (and probably prior versions)
Discovered by:
Scott Parish - Center for Internet Security
Vendor Information:
SkyBlueCanvas is an easy-to-use Web Content Management System, that makes it simple to keep the content of your site
fresh. You simply upload the software to your web server, and you are ready to start adding text and pictures to your
web site.
Vulnerability Details:
The SkyBlueCanvas Lightweight CMS application contains a remote command injection vulnerability within the form on the
Contact page. A remote un-authenticated user can exploit this vulnerability to force the webserver to execute commands
in the
Metasploit
SkyBlueCanvas CMS Remote Code Execution
metasploit
SkyBlueCanvas CMS Remote Code Execution
SkyBlueCanvas CMS Remote Code Execution
This module exploits an arbitrary command execution vulnerability in SkyBlueCanvas CMS version 1.1 r248-03 and below.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/124948/SkyBlueCanvas-CMS-1.1-r248-03-Command-Injection.htmlhttp://seclists.org/fulldisclosure/2014/Jan/159http://secunia.com/advisories/56646http://www.exploit-db.com/exploits/31183http://www.exploit-db.com/exploits/31432http://www.securityfocus.com/bid/65129https://exchange.xforce.ibmcloud.com/vulnerabilities/90670http://packetstormsecurity.com/files/124948/SkyBlueCanvas-CMS-1.1-r248-03-Command-Injection.htmlhttp://seclists.org/fulldisclosure/2014/Jan/159http://secunia.com/advisories/56646http://www.exploit-db.com/exploits/31183http://www.exploit-db.com/exploits/31432http://www.securityfocus.com/bid/65129https://exchange.xforce.ibmcloud.com/vulnerabilities/90670
2014-01-29
Published