CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2018-17036

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0090%
EPSS Percentile40.13th
Published2018年9月14日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in UCMS 1.4.6 and 1.6. It allows PHP code injection during installation via the systemdomain parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.

Affected Platforms (CPE)

📦
Ucms Project

Ucms

= 1.4.6
📦
Ucms Project

Ucms

= 1.6

References & Advisories

🔗 https://github.com/blackstar24/UCMS/blob/master/phpinfo.md
🔗 https://github.com/blackstar24/UCMS/blob/master/phpinfo.md

相關漏洞威脅

CVE-2020-254839.8

An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can g...

CVE-2018-170359.8

UCMS 1.4.6 has SQL injection during installation via the install/index.php mysql_dbname parameter.

CVE-2020-57579.8

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated r...

CVE-2020-255379.8

File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server managem...