webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and previous versions allows remote malicious users to execute arbitrary code by overwriting a PHP file in webinc/bxe/scripts/ via a filename in the XML parameter and PHP sequences in the request body, then making a direct request for this filename.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
flux cms flux cms 1.3 |
||
flux cms flux cms 1.31 |
||
flux cms flux cms 1.4 |
||
flux cms flux cms |
||
flux cms flux cms 1.2 |