In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/lazyphp/PESCMS-TEAM/issues/2 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-09-03T00:00:00
Updated: 2024-08-05T10:24:32.030Z
Reserved: 2018-09-02T00:00:00
Link: CVE-2018-16370
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-09-03T00:29:00.480
Modified: 2018-11-07T21:19:02.670
Link: CVE-2018-16370
Redhat
No data.