An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the check_bad() function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions (such as "eval") are blocked but others (such as "system") are not, and because ".php" is blocked but ".PHP" is not blocked.
References
Link | Resource |
---|---|
http://www.iwantacve.cn/index.php/archives/155/ | Exploit Third Party Advisory |
http://www.iwantacve.cn/index.php/archives/155/ | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 04:52
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.iwantacve.cn/index.php/archives/155/ - Exploit, Third Party Advisory |
Information
Published : 2019-03-11 01:29
Updated : 2024-11-21 04:52
NVD link : CVE-2019-9651
Mitre link : CVE-2019-9651
CVE.ORG link : CVE-2019-9651
JSON object : View
Products Affected
sdcms
- sdcms
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')