CVE-2018-19127 – A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbit …

0

Vuln ID: CVE-2018-19127

Published:  2018-11-09  12:29:00Z

Description: A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring.

Source: NVD.NIST.GOV