1 results (0.002 seconds)
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-14399
https://notcve.org/view.php?id=CVE-2018-14399
19 Jul 2018 — libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI. libs\classes\attachment.class.php en PHPCMS 9.6.0 permite que atacantes remotos suban y ejecuten código PHP arbitrario mediante un URI .txt?.php#.jpg en el atributo SRC de un elemento IMG en los datos JSON info[content] en el URI index.php?m=memberc=in... • http://www.an-sheng.cc/index.php/archives/4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •