upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive.
References
Link | Resource |
---|---|
https://github.com/SuperSalsa20/Doccms-Execute-Code/blob/master/README.md | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-09-09 21:15
Updated : 2024-02-28 17:08
NVD link : CVE-2019-16192
Mitre link : CVE-2019-16192
CVE.ORG link : CVE-2019-16192
JSON object : View
Products Affected
doccms
- doccms
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type