CyberSec.Space Logo
Back to CVE Browser

CVE-2019-8908

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1660%
EPSS Percentile15.82th
PublishedFeb 18, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header.

Affected Platforms (CPE)

📦
Wtcms Project

Wtcms

= 1.0

References & Advisories

🔗 https://github.com/taosir/wtcms/issues/3
🔗 https://github.com/taosir/wtcms/issues/3

Related Vulnerabilities

CVE-2018-102678.8

WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post URI.

CVE-2019-89108.8

An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.

CVE-2019-89097.5

An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consumption) via crafted d...

CVE-2019-167196.5

WTCMS 1.0 allows index.php?g=admin&m=index&a=index CSRF with resultant XSS.