CVE-2018-18874

2022-10-0316:22:02

mitre

www.cve.org

remote code execution

nc-cms

file manager upload

9.8 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.9%

JSON

nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the “Upload File or Image” feature, with a .php filename and “Content-Type: application/octet-stream” to the index.php?action=file_manager_upload URI.

References

github.com/gnat/nc-cms/issues/11