What is CVE-2014-5519?

CVE-2014-5519 is a vulnerability in Phpwiki_project Phpwiki, classified under Code Injection. Published 2014-09-11.

Is CVE-2014-5519 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Phpwiki_project Phpwiki

CVE-2014-5519

The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of these details are obtained from third party…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.826 (99.3th percentile) — read the EPSS interpretation.

Affected products

Phpwiki_project Phpwiki — versions 1.5.0
N/a — versions n/a

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

rapid7/metasploit-framework

References

cve@mitre.org (Exploit, x_refsource_MISC)
[oss-security] 20140829 Re: PHP-Wiki Command Injection (mailing-list, x_refsource_MLIST, Exploit)
110576 (x_refsource_OSVDB, vdb-entry)
34451 (Exploit, exploit, x_refsource_EXPLOIT-DB)
[oss-security] 20140827 PHP-Wiki Command Injection (mailing-list, x_refsource_MLIST, Exploit)
20140827 PHP-Wiki Command Injection (mailing-list, Exploit, x_refsource_FULLDISC)
60293 (x_refsource_SECUNIA, third-party-advisory)

Frequently asked questions

What is CVE-2014-5519?: CVE-2014-5519 is a vulnerability in Phpwiki_project Phpwiki, classified under Code Injection. Published 2014-09-11.
Is CVE-2014-5519 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.