Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2018-19127

Published: 09/11/2018 Updated: 04/02/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Phpcms

Vulnerability Summary

A code injection vulnerability in /type.php in PHPCMS 2008 allows malicious users to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

phpcms phpcms 2008

Github Repositories

https://github.com/ab1gale/phpcms-2008-CVE-2018-19127

phpcms-2008-CVE-2018-19127 Recently we found a vulnerability in /typephp of phpcms 2008 source code When attackers send crafted requests like "/typephp?template=tag_(){};@unlink(FILE);assert($_POST[1]);{///rss", evil content (in this case "@unlink(FILE);assert($_POST[1]);") will be written into cache file (in this case "/cache_template/rsstplphp&

References

CWE-94https://github.com/ab1gale/phpcms-2008-CVE-2018-19127https://nvd.nist.govhttps://github.com/ab1gale/phpcms-2008-CVE-2018-19127
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook