CVE-2019-9652 – There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP …

Vuln ID: CVE-2019-9652

Published:  2019-03-11  01:29:00Z

Description: There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter.

Source: NVD.NIST.GOV

 

Tags