
CVE-2018-16974
https://notcve.org/view.php?id=CVE-2018-16974
12 Sep 2018 — An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters (for bypassing the blacklist). • https://github.com/jbroadway/elefant/commit/49ba8cc24e9f009ce30d2c2eb9eefeb9be4ce1d0 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2018-16975
https://notcve.org/view.php?id=CVE-2018-16975
12 Sep 2018 — An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunction with