cbcvebase.
CVE-2014-5519
published 2014-09-11


Priority: P267 high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploit: public exploit available
EPSS: 64.97% (99.1st percentile)
The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of these details are obtained from third party information.

Affected (1 range)

Vendor: phpwiki_project
Product: phpwiki
Version range: (not listed)
Fixed in: (not listed)

Detection & IOCs (extracted from sources)

url: /index.php/HeIp
command: edit[content]=-device svg -o /dev/stderr -csmap= data= alt= help= >> with shell metacharacters injected
url: domain+'/index.php/HeIp'
  • Monitor HTTP POST requests to index.php/HeIp containing shell metacharacters (e.g., semicolons, backticks, pipe characters) within the edit[content] parameter, specifically in the device option of the Ploticus plugin.
  • Detect the canary/delimiter pattern '123:::' and ':::123' in HTTP responses, which the exploit uses to extract command output from stderr redirection.
  • A Metasploit module exists for this vulnerability; correlate exploit attempts against PhpWiki 1.5.0 installations at the /index.php/HeIp path with known Metasploit user-agent strings.
  • The target endpoint /index.php/HeIp is a specific wiki page name used in the exploit; the vulnerability may be triggerable via other wiki page names if the Ploticus plugin is enabled site-wide, not just on this page.
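The first two detection points above, as an added example that is not part of this record or of PhpWiki: a small Python checker that flags POSTs to index.php/HeIp whose edit[content] carries a Ploticus device option with shell metacharacters, and flags responses containing the 123:::/:::123 delimiter pair. The request and response samples are constructed, and INJECTED_CMD / OUTPUT are placeholders, not real traffic.

```python
import re
from urllib.parse import parse_qs

# Shell metacharacters that have no legitimate place inside a Ploticus device option.
SHELL_META = re.compile(r"[;&|`<>]|\$\(")
# Delimiter pair the public exploit uses to bracket command output in the response.
CANARY = re.compile(r"123:::(.*?):::123", re.S)

def check_request(method, path, body):
    """Return findings for one PhpWiki request (method, URL path, raw form body)."""
    findings = []
    if method.upper() != "POST":
        return findings
    # The public PoC posts to index.php/HeIp; drop this filter to watch every page,
    # since the plugin may be reachable from other page names as well.
    if not path.endswith("/index.php/HeIp"):
        return findings
    params = parse_qs(body, keep_blank_values=True)   # decodes edit%5Bcontent%5D
    for content in params.get("edit[content]", []):
        if "-device" in content and SHELL_META.search(content):
            findings.append(f"shell metacharacters in Ploticus device option: {content!r}")
    return findings

def check_response(body):
    """Return any text bracketed by the 123:::...:::123 canary in a response body."""
    return CANARY.findall(body)

def scan(requests, responses):
    """Run both checks over a batch; returns the combined list of findings."""
    hits = []
    for req in requests:
        hits.extend(check_request(*req))
    for resp in responses:
        hits.extend(f"canary-delimited output in response: {out!r}" for out in check_response(resp))
    return hits

# Constructed samples (not real traffic): one injection attempt, one benign plugin
# call with a plain output file, one ordinary page edit.
SAMPLE_REQUESTS = [
    ("POST", "/index.php/HeIp", "edit%5Bcontent%5D=-device+svg+-o+%2Fdev%2Fstderr%3B+INJECTED_CMD"),
    ("POST", "/index.php/HeIp", "edit%5Bcontent%5D=-device+svg+-o+chart.svg"),
    ("POST", "/index.php/HeIp", "edit%5Bcontent%5D=Hello+world"),
]
SAMPLE_RESPONSES = [
    "<html><body>123:::OUTPUT:::123</body></html>",
    "<html><body>Page saved.</body></html>",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_REQUESTS, SAMPLE_RESPONSES):
        print(hit)
```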