CVE-2018-14399

libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php.jpg URI in the SRC attribute of an IMG element within infocontent JSON data to the index.php?m=member&c=index&a=register URI...

PT-2018-12490 · Phpcms · Phpcms

Name of the Vulnerable Software and Affected Versions: PHPCMS version 9.6.0 Description: The issue allows remote attackers to upload and execute arbitrary PHP code. This can be achieved by sending a .txt?.php.jpg URI in the SRC attribute of an IMG element within infocontent JSON data to the...