Vulnerabilities (CVE)

Filtered by vendor Doccms Subscribe
Filtered by product Doccms
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16192 1 Doccms 1 Doccms 2024-02-28 7.5 HIGH 9.8 CRITICAL
upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive.
CVE-2018-18835 1 Doccms 1 Doccms 2024-02-28 7.5 HIGH 9.8 CRITICAL
upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.