2 matches found
PHPCMS 2008 type.php Code Injection (CVE-2018-19127)
A code injection vulnerability exists in PHPCMS 2008. An attacker could write arbitrary content to a website cache file with a controllable filename. Successful exploitation of this vulnerability could lead to arbitrary code execution...
CVE-2018-19127
PHPCMS 2008 is affected by CVE-2018-19127 due to an unauthenticated remote code execution via template injection in /type.php. Attacker-supplied content is written to a PHP template cache file under data/cache_template/*.tpl.php, appended with a "