CVE-2019-7160

2019-01-2916:00:00

mitre

www.cve.org

9.6 High

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

76.0%

JSON

idreamsoft iCMS 7.0.13 allows admincp.php?app=files …/ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php.

References

github.com/idreamsoft/iCMS/issues/50