CVE-2018-14399

2018-07-1905:00:00

mitre

www.cve.org

AI Score

9.7

Confidence

High

EPSS

0.005

Percentile

75.4%

JSON

libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content] JSON data to the index.php?m=member&c=index&a=register URI.

References

www.an-sheng.cc/index.php/archives/4/