Sharetronix <= 3.1.1 Two PHP Code Injection Vulnerabilities

• Software Link:

http://sharetronix.com/

• Affected Versions:

Version 3.1.1 and probably other versions.

• Vulnerabilities Description:

1) Input passed via the “activities_text” POST parameter to /services/activities/set is not properly sanitised before being used in a call to the “preg_replace()” function with the “e” modifier in the /system/classes/class_post.php script. This can be exploited to inject and execute arbitrary PHP code.

2) Input passed via the “comments_text” POST parameter to /services/comments/set is not properly sanitised before being used in a call to the “preg_replace()” function with the “e” modifier in the /system/classes/class_postcomment.php script. This can be exploited to inject and execute arbitrary PHP code.

• Solution:

No official solution is currently available.
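
With no vendor fix available, a local copy of the source can be audited for the construct both issues share: preg_replace() called with a pattern carrying the “e” modifier. The scanner below is an added example, not part of the original advisory or of Sharetronix; the PHP sample lines and the helper names in them (lookup, tag_link, shorten) are constructed, and the check is a heuristic that only sees patterns written as a single string literal.

```python
import re

# A preg_replace( call whose first argument is a quoted string literal.
# \b keeps my_preg_replace( out; preg_replace_callback( fails on \s*\(.
CALL_RE = re.compile(r"""\bpreg_replace\s*\(\s*(['"])((?:\\.|(?!\1).)*)\1""", re.S)

# PCRE bracket-style delimiters close with a different character.
CLOSERS = {"(": ")", "[": "]", "{": "}", "<": ">"}

def pattern_modifiers(literal):
    """Return the modifier letters after the closing delimiter of a PCRE literal."""
    literal = literal.strip()
    if not literal:
        return ""
    closer = CLOSERS.get(literal[0], literal[0])
    end = literal.rfind(closer, 1)  # last occurrence of the closing delimiter
    return literal[end + 1:] if end > 0 else ""

def find_eval_modifier(php_source):
    """Return (line_number, pattern_literal) for each preg_replace() using 'e'."""
    hits = []
    for m in CALL_RE.finditer(php_source):
        mods = pattern_modifiers(m.group(2))
        # Require an all-letter modifier run so a stray 'e' in text is ignored.
        if mods.isalpha() and "e" in mods:
            line = php_source.count("\n", 0, m.start()) + 1
            hits.append((line, m.group(2)))
    return hits

# Constructed sample input (not Sharetronix code): two calls use the e modifier.
SAMPLE_PHP = r'''<?php
$a = preg_replace('/\[b\](.*?)\[\/b\]/i', '<b>$1</b>', $text);
$b = preg_replace("#@(\w+)#e", "lookup('\\1')", $text);
$c = preg_replace_callback('/#(\w+)/', 'tag_link', $text);
$d = preg_replace('{(https?://\S+)}ie', 'shorten("$1")', $text);
'''

if __name__ == "__main__":
    for line, pattern in find_eval_modifier(SAMPLE_PHP):
        print(f"line {line}: preg_replace with e modifier: {pattern}")
```

Each hit is a candidate for conversion to preg_replace_callback(), which hands the matches to a function instead of evaluating the replacement string as PHP code. Patterns passed as variables or arrays are not detected and need manual review.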

• Disclosure Timeline:

[06/11/2013] – Vendor notified
[06/11/2013] – Vendor response stating “Please immediately cease and desist all such communications”
[05/12/2013] – Public disclosure

• CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5352 to these vulnerabilities.

• Credits:

Vulnerabilities discovered by Egidio Romano, Secunia Research.

• Original Advisory:

http://secunia.com/secunia_research/2013-08