CVE-2018-16731

2018-09-0815:00:00

mitre

www.cve.org

AI Score

9.5

Confidence

High

EPSS

0.008

Percentile

81.3%

JSON

CScms 4.1 allows arbitrary file upload by (for example) adding the php extension to the default filetype list (gif, jpg, png), and then providing a .php pathname within fileurl JSON data.

References

github.com/AvaterXXX/CScms/blob/master/CScms_up.md

www.patec.cn/newsshow.php?cid=24&id=123