What is CVE-2014-1683?

CVE-2014-1683 is a vulnerability in Skybluecanvas, classified under Use of Externally-Controlled Format String. Published 2014-01-29.

Is CVE-2014-1683 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Skybluecanvas

CVE-2014-1683

The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the…

EPSS: 0.778 (99.0th percentile) — read the EPSS interpretation.

Affected products

Skybluecanvas
N/a — versions n/a

Weakness classification (CWE)

CWE-134 — Use of Externally-Controlled Format String

Public proof-of-concept exploits

rapid7/metasploit-framework

References

65129 (vdb-entry, x_refsource_BID)
20140123 Remote Command Injection Vulnerability in SkyBlueCanvas CMS (mailing-list, x_refsource_FULLDISC)
cve@mitre.org (x_refsource_MISC)
skybluecanvas-index-command-exec(90670) (vdb-entry, x_refsource_XF)
31183 (exploit, x_refsource_EXPLOIT-DB)
31432 (exploit, x_refsource_EXPLOIT-DB)
56646 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2014-1683?: CVE-2014-1683 is a vulnerability in Skybluecanvas, classified under Use of Externally-Controlled Format String. Published 2014-01-29.
Is CVE-2014-1683 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.