2 matches found
EUVD-2018-19217
Malware in sbrugna...
Design/Logic Flaw
Blue River Mura CMS before v7.0.7029 supports inline function calls with an m tag and /m end tag, without proper restrictions on file types or pathnames, which allows remote attackers to execute arbitrary code via an m$.dspinclude"../pathname/executable.jpeg"/m approach, where executable.jpeg...