Lucene search
K

6 matches found

NVD
NVD
added 2019/03/11 1:29 a.m.21 views

CVE-2019-9651

An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the checkbad function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions such as "eval" are blocked but others such as "system" are not, and...

9.8CVSS9.7AI score0.02564EPSS
Exploits1References1
Prion
Prion
added 2019/03/11 1:29 a.m.16 views

Code injection

There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter...

6.8CVSS8.9AI score0.00614EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/03/11 1:0 a.m.23 views

CVE-2019-9652

There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter...

9AI score0.00614EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/03/11 1:0 a.m.20 views

CVE-2019-9651

An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the checkbad function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions such as "eval" are blocked but others such as "system" are not, and...

9.7AI score0.02564EPSS
Exploits1References1
CVE
CVE
added 2019/03/11 1:0 a.m.43 views

CVE-2019-9651

CVE-2019-9651 pertains to SDCMS v1.7, where the check_bad() filtering in the file \app\admin\controller\themecontroller.php is insufficiently strict. This allows PHP code execution because dangerous functions (e.g., eval) are blocked while others (e.g., system) are not, and because blocking ".php...

9.8CVSS9.6AI score0.02564EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/03/11 1:0 a.m.40 views

CVE-2019-9652

SDCMS V1.7 contains a CSRF leading to PHP code injection via an m=admin&c=theme&a=edit request. The vulnerable component is the file handling (filename via the file parameter and content via t2), enabling remote code execution within the CMS. Concrete details across sources confirm the attack vec...

8.8CVSS8.9AI score0.00614EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder