CVE-2014-1683

The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.

Weakness

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Affected Software

Potential Mitigations

Related Attack Patterns

• https://cwe.mitre.org/data/definitions/135.html
• https://cwe.mitre.org/data/definitions/67.html

References

• http://packetstormsecurity.com/files/124948/SkyBlueCanvas-CMS-1.1-r248-03-Command-Injection.html
• http://seclists.org/fulldisclosure/2014/Jan/159
• http://secunia.com/advisories/56646
• http://www.exploit-db.com/exploits/31183
• http://www.exploit-db.com/exploits/31432
• http://www.securityfocus.com/bid/65129
• https://exchange.xforce.ibmcloud.com/vulnerabilities/90670
• http://packetstormsecurity.com/files/124948/SkyBlueCanvas-CMS-1.1-r248-03-Command-Injection.html
• http://seclists.org/fulldisclosure/2014/Jan/159
• http://secunia.com/advisories/56646
• http://www.exploit-db.com/exploits/31183
• http://www.exploit-db.com/exploits/31432
• http://www.securityfocus.com/bid/65129
• https://exchange.xforce.ibmcloud.com/vulnerabilities/90670