An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin/route.php?mod=component&act=addnew URI by using the fupload parameter to upload a ZIP file containing arbitrary PHP code (that is extracted and can be executed). This can also be exploited via CSRF.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-11-05T08:00:00
Updated: 2024-08-05T11:23:08.493Z
Reserved: 2018-11-05T00:00:00
Link: CVE-2018-18934
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-11-05T09:29:00.290
Modified: 2024-11-21T03:56:54.133
Link: CVE-2018-18934
Redhat
No data.