Количество 3
Количество 3
CVE-2018-19520
An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management.
GHSA-vrx7-96gv-r795
An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management.
BDU:2022-02427
Уязвимость CMS-системы SDCMS, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный PHP-код
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2018-19520 An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management. | CVSS3: 8.8 | 1% Низкий | больше 6 лет назад |
| GHSA-vrx7-96gv-r795 An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management. | CVSS3: 8.8 | 1% Низкий | около 3 лет назад |
 | BDU:2022-02427 Уязвимость CMS-системы SDCMS, связанная с неверным управлением генерацией кода, позволяющая нарушителю выполнить произвольный PHP-код | CVSS3: 8.8 | 1% Низкий | больше 6 лет назад |
Уязвимостей на страницу