Unrated severityNVD Advisory· Published Jan 29, 2014· Updated Jun 17, 2026
CVE-2014-1683
CVE-2014-1683
Description
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:skybluecanvas:skybluecanvas:*:*:*:*:*:*:*:*Range: <=1.1_r248-03
- Range: <1.1 r248-04
Patches
Vulnerability mechanics
References
7- packetstormsecurity.com/files/124948/SkyBlueCanvas-CMS-1.1-r248-03-Command-Injection.htmlnvd
- seclists.org/fulldisclosure/2014/Jan/159nvd
- secunia.com/advisories/56646nvd
- www.exploit-db.com/exploits/31183nvd
- www.exploit-db.com/exploits/31432nvd
- www.securityfocus.com/bid/65129nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/90670nvd
News mentions
0No linked articles in our index yet.