2 matches found
CVE-2018-18942
In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/themeconfigs/form dataThemeConfiglogo parameter...
CVE-2018-18942
In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via admin/theme_configs/form data[ThemeConfig][logo]. This is a remote-code-execution vulnerability stemming from improper handling of the ThemeConfig logo input. Impact is arbitrary PH...