CVE-2018-16238

Published: Aug 30, 2018Modified: Nov 21, 2024

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file.

Affected (1)

Products: Damicms: Damicms

Damicms

1 product

Damicms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Damicms Damicms	Version 6.0.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (2)

https://github.com/howchen/howchen/issues/2

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/howchen/howchen/issues/2

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.