2 matches found
CVE-2019-9651
An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the checkbad function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions such as "eval" are blocked but others such as "system" are not, and...
CVE-2019-9651
CVE-2019-9651 pertains to SDCMS v1.7, where the check_bad() filtering in the file \app\admin\controller\themecontroller.php is insufficiently strict. This allows PHP code execution because dangerous functions (e.g., eval) are blocked while others (e.g., system) are not, and because blocking ".php...