4 matches found
CVE-2018-16731
CScms 4.1 allows arbitrary file upload by for example adding the php extension to the default filetype list gif, jpg, png, and then providing a .php pathname within fileurl JSON data...
CVE-2018-16731
CScms 4.1 allows arbitrary file upload by for example adding the php extension to the default filetype list gif, jpg, png, and then providing a .php pathname within fileurl JSON data...
CVE-2018-16731
CScms 4.1 allows arbitrary file upload by for example adding the php extension to the default filetype list gif, jpg, png, and then providing a .php pathname within fileurl JSON data...
CVE-2018-16731
CVE-2018-16731 affects CScms 4.1 and is described as an arbitrary file upload vulnerability: an attacker can add the php extension to the allowed filetype list and supply a .php pathname inside the fileurl JSON data to obtain uploaded PHP code. The connected records confirm the issue and provide ...