CVE-2018-14399

libsclassesattachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI.
References
Configurations

Configuration 1

cpe:2.3:a:phpcms_project:phpcms:9.6.0:*:*:*:*:*:*:*

Information

Published : 2018-07-19 05:29

Updated : 2018-09-17 06:32


NVD link : CVE-2018-14399

Mitre link : CVE-2018-14399

Products Affected
No products.
CWE