Unrated severityNVD Advisory· Published Jan 29, 2014· Updated Apr 29, 2026

CVE-2014-1683

Description

The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.

Affected products

Skybluecanvas/Skybluecanvas
cpe:2.3:a:skybluecanvas:skybluecanvas:*:*:*:*:*:*:*:*
Range: <=1.1_r248-03

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.com/files/124948/SkyBlueCanvas-CMS-1.1-r248-03-Command-Injection.htmlnvd
seclists.org/fulldisclosure/2014/Jan/159nvd
secunia.com/advisories/56646nvd
www.exploit-db.com/exploits/31183nvd
www.exploit-db.com/exploits/31432nvd
www.securityfocus.com/bid/65129nvd
exchange.xforce.ibmcloud.com/vulnerabilities/90670nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.062
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000