ID:4581 - Exploit for Code Injection in openSIS - CVE-2013-1349

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:4581 - Exploit for Code Injection in openSIS - CVE-2013-1349

ID:4581 - Exploit for Code Injection in openSIS - CVE-2013-1349

Published: September 9, 2020


Vulnerability identifier: #VU46335
Vulnerability risk: Medium
CVE-ID: CVE-2013-1349
CWE-ID: CWE-94
Exploitation vector: Remote access
Vulnerable software:
openSIS

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter.


Remediation

Install update from vendor's website.