upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.
References
Link | Resource |
---|---|
http://www.iwantacve.cn/index.php/archives/65/ | Exploit Third Party Advisory |
Configurations
Information
Published : 2018-10-29 23:29
Updated : 2018-12-06 08:15
NVD link : CVE-2018-18835
Mitre link : CVE-2018-18835
JSON object : View
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')
Products Affected
doccms
- doccms