An issue exists in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bagesoft bagecms 3.1.3 |