libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI.
References
Link | Resource |
---|---|
http://www.an-sheng.cc/index.php/archives/4/ | Broken Link URL Repurposed |
http://www.an-sheng.cc/index.php/archives/4/ | Broken Link URL Repurposed |
Configurations
History
21 Nov 2024, 03:48
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.an-sheng.cc/index.php/archives/4/ - Broken Link, URL Repurposed |
14 Feb 2024, 01:17
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://www.an-sheng.cc/index.php/archives/4/ - Broken Link, URL Repurposed |
Information
Published : 2018-07-19 05:29
Updated : 2024-11-21 03:48
NVD link : CVE-2018-14399
Mitre link : CVE-2018-14399
CVE.ORG link : CVE-2018-14399
JSON object : View
Products Affected
phpcms_project
- phpcms
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')