CVE-2017-16903

2017-11-2019:00:00

mitre

www.cve.org

AI Score

9.8

Confidence

High

EPSS

0.015

Percentile

87.1%

JSON

LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php.

References

github.com/SQYY/CVE/blob/master/Lvyecms_G.txt