67 matches found
CVE-2019-9651
An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the checkbad function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions such as "eval" are blocked but others such as "system" are not, and...
Code injection
There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter...
Code injection
An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the checkbad function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions such as "eval" are blocked but others such as "system" are not, and...
CVE-2019-9651
An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the checkbad function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions such as "eval" are blocked but others such as "system" are not, and...
CVE-2019-9652
There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter...
CVE-2019-9652
There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter...
CVE-2019-9651
An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the checkbad function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions such as "eval" are blocked but others such as "system" are not, and...
CVE-2019-9651
CVE-2019-9651 pertains to SDCMS v1.7, where the check_bad() filtering in the file \app\admin\controller\themecontroller.php is insufficiently strict. This allows PHP code execution because dangerous functions (e.g., eval) are blocked while others (e.g., system) are not, and because blocking ".php...
CVE-2019-9652
SDCMS V1.7 contains a CSRF leading to PHP code injection via an m=admin&c=theme&a=edit request. The vulnerable component is the file handling (filename via the file parameter and content via t2), enabling remote code execution within the CMS. Concrete details across sources confirm the attack vec...
SDCMS PHP Code Execution Vulnerability
Smoke and Fire Network Technology SDCMS is a PHP and MySQL based enterprise station building content management system CMS by China Smoke and Fire Network Technology. A code injection vulnerability exists in the appadmincontroller hemecontroller.php file in version 1.7 of Smoke and Fire Web...
Parallel Override Vulnerability in SDCMS v1.6
SDCMS era website information management system is a product of Suzhou Fireworks Network Technology Co., Ltd. to asp + access for the development of the portal system. SDCMS v1.6 has a parallel override vulnerability. Attackers can use the vulnerability to illegally modify the user release...
Directory traversal
app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded note that base64 encoding, instead of URL encoding, is very rare in a...
CVE-2018-19748
app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded note that base64 encoding, instead of URL encoding, is very rare in a...
CVE-2018-19748
app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded note that base64 encoding, instead of URL encoding, is very rare in a...
CVE-2018-19748
app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded note that base64 encoding, instead of URL encoding, is very rare in a...
CVE-2018-19748
CVE-2018-19748 – affected software : SDCMS 1.6, vulnerability in app/plug/attachment/controller/admincontroller.php. Issue : directory traversal via a vulnerable request to /?m=plug&c=admin&a=index&p=attachment&root=, where the root parameter must be base64 encoded. Impact : reading arbitrary fil...
Code injection
An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a checkbad function in an attempt to block certain PHP functions such as eval, but does not prevent use of pregreplace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin...
CVE-2018-19520
An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a checkbad function in an attempt to block certain PHP functions such as eval, but does not prevent use of pregreplace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin...
CVE-2018-19520
An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a checkbad function in an attempt to block certain PHP functions such as eval, but does not prevent use of pregreplace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin...
CVE-2018-19520
An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a checkbad function in an attempt to block certain PHP functions such as eval, but does not prevent use of pregreplace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin...