CVE-2012-3399 : Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary c

Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.

Published 2012-07-12 19:55:06

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2012-3399

Artis.imag » Basilic » Version: 1.5.14
cpe:2.3:a:artis.imag:basilic:1.5.14:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

85.19%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 99 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

http://www.exploit-db.com/exploits/19631

Basilic 1.5.14 - 'diff.php' Arbitrary Command Execution (Metasploit) - PHP webapps Exploit
Exploit
http://archives.neohapsis.com/archives/bugtraq/2012-07/0002.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/76667

Basilic diff.php command execution CVE-2012-3399 Vulnerability Report
http://www.openwall.com/lists/oss-security/2012/07/09/4

oss-security - CVE-request: Basilic 1.5.14 diff.php remote code execution vulnerability
http://archives.neohapsis.com/archives/bugtraq/2012-07/0043.html
http://www.securityfocus.com/bid/54234

Basilic 'diff.php' Remote Command Execution Vulnerability
Exploit
http://www.openwall.com/lists/oss-security/2012/07/10/1

oss-security - Re: CVE-request: Basilic 1.5.14 diff.php remote code execution vulnerability

Jump to