Sharetronix <= 3.1.1 Two PHP Code Injection Vulnerabilities
• Software Link:
• Affected Versions:
Version 3.1.1 and probably other versions.
• Vulnerabilities Description:
1) Input passed via the “activities_text” POST parameter to /services/activities/set is not properly sanitised before being used in a call to the “preg_replace()” function with the “e” modifier in the /system/classes/class_post.php script. This can be exploited to inject and execute arbitrary PHP code.
2) Input passed via the “comments_text” POST parameter to /services/comments/set is not properly sanitised before being used in a call to the “preg_replace()” function with the “e” modifier in the /system/classes/class_postcomment.php script. This can be exploited to inject and execute arbitrary PHP code.
• Solution:
No official solution is currently available.
• Disclosure Timeline:
[06/11/2013] – Vendor notified
[06/11/2013] – Vendor response stating “Please immediately cease and desist all such communications”
[05/12/2013] – Public disclosure
• CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2013-5352 to these vulnerabilities.
• Credits:
Vulnerabilities discovered by Egidio Romano, Secunia Research.
• Original Advisory: