2 matches found
CVE-2019-9042
An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects to set FileExtensionFilter and there are untrusted user accounts. NOTE: The...
CVE-2019-9042
Sitemagic CMS v4.4 contains a vulnerability in the index.php?SMExt=SMFiles URI that allows uploading a .php file and potentially executing arbitrary code (illustrated by 404.php) when FileExtensionFilter is not configured and there are untrusted user accounts. The issue has been described across ...