← Back

Doccms

doccms

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Doccms
doccms
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-16192
1Doccms
1Doccms
Nov 21, 2024
Sep 9, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive.
CVE-2018-18835
1Doccms
1Doccms
Nov 21, 2024
Oct 30, 2018
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.