upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2019-09-09T20:39:05
Updated: 2024-08-05T01:10:41.562Z
Reserved: 2019-09-09T00:00:00
Link: CVE-2019-16192
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-09-09T21:15:12.170
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-16192
Redhat
No data.