3 matches found
CVE-2018-8972
Creditwest Bank CMS Project aka CWCMS through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters...
CVE-2018-8972
Creditwest Bank CMS Project aka CWCMS through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters...
CVE-2018-8972
Creditwest Bank CMS Project (CWCMS) prior to 2017-07-28 contains a cross-site request forgery (CSRF) vulnerability in the Website Configuration Update feature. This CSRF flaw enables an attacker to inject arbitrary PHP code, demonstrated by a PHP shell that calls eval on request parameters. Affec...