4 matches found
WTCMS Arbitrary PHP Code Execution Vulnerability
WTCMS is a ThinkPHP-based content management system CMS. An arbitrary PHP code execution vulnerability exists in WTCMS version 1.0, which can be exploited by remote attackers to execute PHP code by uploading an image file with the help of the registration email template page in the email settings...
CVE-2019-8908
An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting - Mailbox configuration - Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header...
Design/Logic Flaw
An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting - Mailbox configuration - Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header...
CVE-2019-8908
An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting - Mailbox configuration - Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header...