CVE-2019-9652

2019-03-1101:00:00

mitre

www.cve.org

9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.9%

JSON

There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter.

References

www.iwantacve.cn/index.php/archives/156/