SkyBlueCanvas CMS - Remote Code Execution

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient def...

SkyBlueCanvas CMS 1.1 r248-03 - Remote Command Execution

No description provided by source. Vulnerability in SkyBlueCanvas CMS Vulnerability Type: Remote Command Injection Version Affected: 1.1 r248-03 and probably prior versions Discovered by: Scott Parish - Center for Internet Security Vendor Information: SkyBlueCanvas is an easy-to-use Web Content...

SkyBlueCanvas CMS Remote Command Execution (CVE-2014-1683)

A remote code execution vulnerability has been reported in SkyBlueCanvas CMS. The vulnerability is due to the filebashMail function that allows remote attackers to execute arbitrary commands, when the pid parameter is 4. A remote attacker can exploit this vulnerability by execute arbitrary comman...

Skybluecanvas CMS - Remote Code Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'SkyBlueCanvas CMS Remote Code Execution', 'Description' = %q This module exploits an arbitrary command execution vulnerability in...

SkyBlueCanvas CMS Remote Code Execution Exploit

This Metasploit module exploits an arbitrary command execution vulnerability in SkyBlueCanvas CMS version 1.1 r248-03 and below. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3...

CVE-2014-1683

The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 name, 2 email, 3 subject, or 4 message parameter to...

Code injection

The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 name, 2 email, 3 subject, or 4 message parameter to...

CVE-2014-1683

The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 name, 2 email, 3 subject, or 4 message parameter to...

CVE-2014-1683

Vulnerability overview: CVE-2014-1683 affects SkyBlueCanvas CMS and its BashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php. When pid equals 4, remote attackers can inject commands via shell metacharacters in the name, email, subject, or message parameters to index.php...

SkyBlueCanvas CMS 1.1 r248-03 Command Injection

Vulnerability in SkyBlueCanvas CMS Vulnerability Type: Remote Command Injection Version Affected: 1.1 r248-03 and probably prior versions Discovered by: Scott Parish - Center for Internet Security Vendor Information: SkyBlueCanvas is an easy-to-use Web Content Management System, that makes it...

Skybluecanvas CMS 1.1 r248-03 - Remote Command Execution

Vulnerability in SkyBlueCanvas CMS Vulnerability Type: Remote Command Injection Version Affected: 1.1 r248-03 and probably prior versions Discovered by: Scott Parish - Center for Internet Security Vendor Information: SkyBlueCanvas is an easy-to-use Web Content Management System, that makes it...