Code injection

2018-10-0918:29:00

PRIOn knowledge base

www.prio-n.com

9.7 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.2%

JSON

An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because “eval” is used during “if” processing.

CPENameOperatorVersion
duomicmseq3.0

CPE	Name	Operator	Version
	duomicms	eq	3.0

References

github.com/Mochazz/Mochazz.github.io/blob/master/2018/09/30/DuomiCms3.0%E6%9C%80%E6%96%B0%E7%89%88%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98/index.html

mochazz.github.io/2018/09/30/DuomiCms3.0%E6%9C%80%E6%96%B0%E7%89%88%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98/