MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.
References
Link | Resource |
---|---|
https://github.com/AvaterXXX/MiniCms/blob/master/Command%20Execution.md | Exploit Third Party Advisory |
https://www.patec.cn/newsshow.php?cid=24&id=135 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2018-11-01 01:29
Updated : 2024-02-04 20:03
NVD link : CVE-2018-18892
Mitre link : CVE-2018-18892
CVE.ORG link : CVE-2018-18892
JSON object : View
Products Affected
1234n
- minicms
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')