Lucene search
K

11 matches found

Check Point Advisories
Check Point Advisories
added 2014/10/05 12:0 a.m.20 views

OpenSIS ajax.php modname Code Execution (CVE-2013-1349)

A remote code execution vulnerability has been reported in OpenSIS. The vulnerability is due to insufficient validation of modname parameter while parsing requests to ajax.php module. A remote attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server...

7.5CVSS6.4AI score0.23322EPSS
Exploits6
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

OpenSIS 'modname' - PHP Code Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2013/12/25 12:0 a.m.26 views

openSIS "modname" PHP代码注入漏洞

CVECAN ID: CVE-2013-1349 openSIS是开源学生信息系统。 openSIS 5.2版本没有正确过滤ajax.php内的"modname"参数值,可导致注入和执行任意PHP代码。 0 opensis opensis 5.2 厂商补丁: opensis ------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.opensis.com/ openSIS: http://sourceforge.net/p/opensis-ce/bugs/59/ Egidio Romano:...

7.5CVSS6.4AI score0.23322EPSS
Exploits6
0day.today
0day.today
added 2013/12/24 12:0 a.m.43 views

OpenSIS 'modname' PHP Code Execution Vulnerability

This Metasploit module exploits a PHP code execution vulnerability in OpenSIS versions 4.5 to 5.2 which allows any authenticated user to execute arbitrary PHP code under the context of the web-server user. The 'ajax.php' file calls 'eval' with user controlled data from the 'modname' parameter. Th...

7.5CVSS7.4AI score0.23322EPSS
Exploits6
Circl
Circl
added 2013/12/24 12:0 a.m.26 views

CVE-2013-1349

creationtimestamp| type| source ---|---|--- 2013-12-24 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/30471 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/opensismodnameexec.rb 2025-02-06 03:13:41+00:00| see...

7.5CVSS4.8AI score0.23322EPSS
Exploits6References2
Metasploit
Metasploit
added 2013/12/19 8:40 a.m.15 views

OpenSIS 'modname' PHP Code Execution

This module exploits a PHP code execution vulnerability in OpenSIS versions 4.5 to 5.2 which allows any authenticated user to execute arbitrary PHP code under the context of the web-server user. The 'ajax.php' file calls 'eval' with user controlled data from the 'modname' parameter. This module...

7.9AI score
Exploits0
NVD
NVD
added 2013/12/09 4:36 p.m.38 views

CVE-2013-1349

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter...

7.5CVSS7.7AI score0.23322EPSS
Exploits6References4
CVE
CVE
added 2013/12/09 11:0 a.m.87 views

CVE-2013-1349

OpenSIS CVE-2013-1349 affects OpenSIS 4.5–5.2. The vulnerability is in ajax.php: the parameter modname is not properly sanitized before being used in an eval call, allowing an attacker to inject and execute arbitrary PHP code. Multiple sources reference the code path through ajax.php and the modn...

7.5CVSS7.8AI score0.23322EPSS
Exploits6References4Affected Software1
securityvulns
securityvulns
added 2013/12/09 12:0 a.m.69 views

[KIS-2013-10] openSIS <= 5.2 (ajax.php) PHP Code Injection Vulnerability

---------------------------------------------------------- openSIS = 5.2 ajax.php PHP Code Injection Vulnerability ---------------------------------------------------------- - Software Link: http://www.opensis.com/ - Affected Versions: All versions from 4.5 to 5.2. - Vulnerability Description: Th...

7.5CVSS0.8AI score0.23322EPSS
Exploits6
0day.today
0day.today
added 2013/12/08 12:0 a.m.61 views

openSIS 5.2 PHP Code Injection Vulnerability

openSIS versions 4.5 through 5.2 suffer from a remote PHP code injection vulnerability. ---------------------------------------------------------- openSIS = 5.2 ajax.php PHP Code Injection Vulnerability ---------------------------------------------------------- - Software Link:...

7.5CVSS7.1AI score0.23322EPSS
Exploits6
Packet Storm
Packet Storm
added 2013/12/07 12:0 a.m.46 views

openSIS 5.2 PHP Code Injection

---------------------------------------------------------- openSIS = 5.2 ajax.php PHP Code Injection Vulnerability ---------------------------------------------------------- - Software Link: http://www.opensis.com/ - Affected Versions: All versions from 4.5 to 5.2. - Vulnerability Description: Th...

7.5CVSS0.2AI score0.23322EPSS
Exploits6
Rows per page
Query Builder