There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sdcms sdcms 1.7 |