Back to search
CVE-2013-5352
Published: Jun 13, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to execute arbitrary PHP code via the (1) activities_text parameter to services/activities/set or (2) comments_text parameter to services/comments/set, which is not properly handled when executing the preg_replace function with the e modifier.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://secunia.com/secunia_research/2013-8/
x_refsource_MISC
100605
vdb-entry
x_refsource_OSVDB
sharetronix-cve20135352-code-execution(89503)
vdb-entry
x_refsource_XF
100606
vdb-entry
x_refsource_OSVDB
64102
vdb-entry
x_refsource_BID
53936
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now