exploitDog

GHSA-vrx7-96gv-r795

Опубликовано: 14 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 8.8

Описание

An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management.

An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management.

Ссылки

EPSS

Процентиль: 76%

0.01016

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-94

Связанные уязвимости

CVE-2018-19520

CVSS3: 8.8

nvd

больше 6 лет назад

An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management.

BDU:2022-02427

CVSS3: 8.8

fstec

больше 6 лет назад

Уязвимость CMS-системы SDCMS, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный PHP-код

EPSS

Процентиль: 76%

0.01016

Низкий

8.8 High

CVSS3

CVE ID

Дефекты

CWE-94