3 matches found
CVE-2018-18874
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=filemanagerupload URI...
CVE-2018-18874
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=filemanagerupload URI...
CVE-2018-18874
CVE-2018-18874 affects nc-cms up to 2017-03-10. Remote attackers can execute arbitrary PHP code via the Upload File or Image feature when uploading a file named *.php with Content-Type: application/octet-stream to index.php?action=file_manager_upload. The vulnerability description does not specif...