CVE-2018-16731

2018-09-0815:00:00

mitre

www.cve.org

9.5 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.3%

JSON

CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.

References

github.com/AvaterXXX/CScms/blob/master/CScms_up.md

www.patec.cn/newsshow.php?cid=24&id=123