Improper input validation in Artis.imag Basilic
CVE-2012-3399
Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.855 (99.4th percentile) — read the EPSS interpretation.
Affected products
- Artis.imag Basilic — versions 1.5.14
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
References
- basilic-diff-command-execution(76667) (vdb-entry, x_refsource_XF)
- 20120706 Re: Basilic RCE bug (mailing-list, x_refsource_BUGTRAQ)
- [oss-security] 20120710 CVE-request: Basilic 1.5.14 diff.php remote code execution vulnerability (mailing-list, x_refsource_MLIST)
- 19631 (Exploit, exploit, x_refsource_EXPLOIT-DB)
- 54234 (Exploit, vdb-entry, x_refsource_BID)
- 20120630 Basilic RCE bug (mailing-list, x_refsource_BUGTRAQ)
- [oss-security] 20120709 Re: CVE-request: Basilic 1.5.14 diff.php remote code execution vulnerability (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2012-3399?
- CVE-2012-3399 is a vulnerability in Artis.imag Basilic, classified under Improper Input Validation. Published 2012-07-12.
- Is CVE-2012-3399 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.