CVE-2013-5352 Information

Description

Sharetronix 3.1.1.3 3.1.1 and earlier allows remote attackers to execute arbitrary PHP code via the (1) activities_text parameter to services/activities/set or (2) comments_text parameter to services/comments/set which is not properly handled when executing the preg_replace function with the e modifier.

Reference

http://osvdb.org/100605 http://secunia.com/advisories/53936 http://secunia.com/secunia_research/2013-8/ http://www.osvdb.org/100606 http://www.securityfocus.com/bid/64102 https://exchange.xforce.ibmcloud.com/vulnerabilities/89503