CVE-2018-19520

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-19520
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-19520.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-19520
Published
2018-11-25T20:29:00Z
Modified
2024-11-21T03:58:05Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events