mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-29 01:31:01 +00:00
1.0 KiB
1.0 KiB
CVE-2018-19127
Description
A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring.
POC
Reference
No PoCs from references.