Lucene search
K

4 matches found

CNVD
CNVD
added 2019/02/19 12:0 a.m.6 views

WTCMS Arbitrary PHP Code Execution Vulnerability

WTCMS is a ThinkPHP-based content management system CMS. An arbitrary PHP code execution vulnerability exists in WTCMS version 1.0, which can be exploited by remote attackers to execute PHP code by uploading an image file with the help of the registration email template page in the email settings...

9.8CVSS8AI score0.02283EPSS
Exploits1References1
OSV
OSV
added 2019/02/18 6:29 p.m.6 views

CVE-2019-8908

An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting - Mailbox configuration - Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header...

9.8CVSS7.6AI score0.02283EPSS
Exploits1References1
Prion
Prion
added 2019/02/18 6:29 p.m.22 views

Design/Logic Flaw

An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting - Mailbox configuration - Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header...

7.5CVSS9.7AI score0.02283EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/02/18 6:0 p.m.21 views

CVE-2019-8908

An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting - Mailbox configuration - Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header...

9.8AI score0.02283EPSS
Exploits1References1
Rows per page
Query Builder