A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote attacker can exploit this flaw by sending a crafted HTTP GET request with a base64-encoded payload in the Cmd header, resulting in arbitrary PHP code execution within the context of the web server.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 05 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 04 Aug 2025 09:30:00 +0000

Type Values Removed Values Added
First Time appeared Instantcms
Instantcms instantcms
Vendors & Products Instantcms
Instantcms instantcms

Fri, 01 Aug 2025 21:00:00 +0000

Type Values Removed Values Added
Description A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and executed without proper sanitation. A remote attacker can exploit this flaw by sending a crafted HTTP GET request with a base64-encoded payload in the Cmd header, resulting in arbitrary PHP code execution within the context of the web server.
Title InstantCMS <= 1.6 Remote PHP Code Execution
Weaknesses CWE-95
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2025-08-05T14:46:57.784Z

Reserved: 2025-08-01T15:08:19.335Z

Link: CVE-2013-10051

cve-icon Vulnrichment

Updated: 2025-08-05T14:46:52.823Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-01T21:15:27.100

Modified: 2025-08-05T15:15:27.547

Link: CVE-2013-10051

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-04T08:49:32Z