2 matches found
CVE-2018-19196
An issue was discovered in XiaoCms 20141229. It allows remote attackers to execute arbitrary code by using the type parameter to bypass the standard admin\controller\uploadfile.php restrictions on uploaded file types jpg, jpeg, bmp, png, gif, as demonstrated by an...
CVE-2018-19196
The CVE-2018-19196 entry concerns XiaoCms 20141229. Affected component: admin/uploadfile.php handling file uploads. Root cause: attackers can bypass file-type restrictions by manipulating the type parameter, enabling remote code execution via an attack like admin/index.php?c=uploadfile&a=uploadif...