Metric | Value |
---|---|
AI Score | 7.8 High (Confidence: Low) |
CVSS2 | 6.8 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS | 0.958 High (Percentile: 99.4%) |

The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.
CPE | Name | Operator | Version |
---|---|---|---|
skybluecanvas:skybluecanvas | skybluecanvas | le | 1.1_r248-03 |
packetstormsecurity.com/files/124948/SkyBlueCanvas-CMS-1.1-r248-03-Command-Injection.html
seclists.org/fulldisclosure/2014/Jan/159
secunia.com/advisories/56646
www.exploit-db.com/exploits/31183
www.exploit-db.com/exploits/31432
www.securityfocus.com/bid/65129
exchange.xforce.ibmcloud.com/vulnerabilities/90670