← Back

Zeta Producer Desktop Cms

zeta_producer_desktop_cms

Vendor: Zeta Producer • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-13981
1Zeta Producer
1Zeta Producer Desktop Cms
Nov 21, 2024
Jul 16, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmai...Show more
The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files, because the formmailer widget blocks .php files but not .php5 or .phtml files. This is related to /assets/php/formmailer/SendEmail.php and /assets/php/formmailer/functions.php.Show less