Lucene search

[email protected]CVE-2013-5352

HistoryJun 13, 2014 - 2:55 p.m.

CVE-2013-5352

2014-06-1314:55:14

CWE-94

[email protected]

web.nvd.nist.gov

cve

sharetronix

php code execution

remote code execution

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.3%

JSON

Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary PHP code via the (1) activities_text parameter to services/activities/set or (2) comments_text parameter to services/comments/set, which is not properly handled when executing the preg_replace function with the e modifier.

Affected configurations

NVD

Node

sharetronixsharetronixRange≤3.1.1

sharetronixsharetronixMatch3.1.1.3

CPENameOperatorVersion
sharetronix:sharetronixsharetronixle3.1.1
sharetronix:sharetronixsharetronixeq3.1.1.3

CPE	Name	Operator	Version
sharetronix:sharetronix	sharetronix	le	3.1.1
sharetronix:sharetronix	sharetronix	eq	3.1.1.3

References

osvdb.org/100605

secunia.com/advisories/53936

secunia.com/secunia_research/2013-8/

www.osvdb.org/100606

www.securityfocus.com/bid/64102

exchange.xforce.ibmcloud.com/vulnerabilities/89503

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.3%

JSON

Related for CVE-2013-5352

prion1 cvelist1 attackerkb1 nvd1