PT-2014-2911 · Sharetronix · Sharetronix

Published 2014-06-13 · Updated 2017-08-29 · CVE-2013-5352

CVSS v2.0: 6.8 (Medium), Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Sharetronix versions 3.1.1.3, 3.1.1, and earlier
Description: The issue allows remote attackers to execute arbitrary PHP code. It is reachable through two parameters: the activities text parameter of the "services/activities/set" endpoint and the comments text parameter of the "services/comments/set" endpoint. The vulnerability arises because user-controlled text is processed by the preg_replace() function with the e (eval) modifier, which evaluates the replacement string as PHP code.
Recommendations: For Sharetronix versions 3.1.1.3, 3.1.1, and earlier, consider avoiding calls to preg_replace() with the e modifier until a patch is available. Restrict access to the "services/activities/set" and "services/comments/set" endpoints to minimize the risk of exploitation. Avoid using the activities text and comments text parameters of the affected endpoints until the issue is resolved.
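The following is an added example, not Sharetronix's own code, illustrating the bug class behind this advisory: a hypothetical text-processing helper that uses preg_replace() with the e modifier, beside its hardened preg_replace_callback() form, plus a small audit check for patterns that still carry the modifier. The hashtag-linking helper and the sample input are assumptions made for the example.

```php
<?php
// Added example, not Sharetronix's own code. preg_replace() with the /e
// modifier eval()s the replacement string after splicing in backreferences,
// so text captured from user input is compiled as PHP on the server. The
// hashtag linker is a hypothetical stand-in for the processing behind the
// "text" parameters; /e was deprecated in PHP 5.5 and removed in PHP 7.0.

// VULNERABLE (PHP < 7): $1 lands inside a double-quoted PHP string that is
// evaluated, so whatever reaches $text becomes part of that program.
function link_hashtags_unsafe(string $text): string
{
    return (string) preg_replace(
        '/#(\w+)/e',
        '"<a href=\"/tag/" . strtolower("$1") . "\">#$1</a>"',
        $text
    );
}

// HARDENED: preg_replace_callback() passes the match to a closure, so the
// captured text is only data and is encoded for the HTML/URL context.
function link_hashtags_safe(string $text): string
{
    return (string) preg_replace_callback(
        '/#(\w+)/',
        static function (array $m): string {
            $tag = strtolower($m[1]);
            return '<a href="/tag/' . rawurlencode($tag) . '">#'
                . htmlspecialchars($m[1], ENT_QUOTES, 'UTF-8') . '</a>';
        },
        $text
    );
}

// Audit helper: true if the modifier section (text after the closing
// delimiter) contains 'e'. Assumes a non-bracket delimiter such as / or ~.
function pattern_uses_eval_modifier(string $pattern): bool
{
    $pattern = ltrim($pattern);
    if ($pattern === '') {
        return false;
    }
    $end = strrpos($pattern, $pattern[0]);
    return $end !== false && $end > 0
        && strpos(substr($pattern, $end + 1), 'e') !== false;
}

$sample = 'Release notes for #Sharetronix 3.1.2';   // constructed input
echo link_hashtags_safe($sample), PHP_EOL;
var_dump(pattern_uses_eval_modifier('/#(\w+)/e'), pattern_uses_eval_modifier('/#(\w+)/i'));
```

On PHP 7 and later the unsafe variant no longer evaluates anything: the /e pattern is rejected with a warning and preg_replace() returns null, so the cast yields an empty string.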

Fix

Code Injection


Weakness Enumeration

Related Identifiers: CVE-2013-5352

Affected Products: Sharetronix