CRITICAL🇬🇧 English

CVE-2019-8908

CVSS 9.8v3.0pub. 2019-02-18upd. 2024-11-21

An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Wtcms Project Wtcms

    APP
    Wtcms Project
    1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-48237CRITICAL9.8PL ✓ten sam produkt

WTCMS 1.0 — błędna kontrola dostępu w HomebaseController

CVE-2019-8909HIGH7.5ten sam produkt

An issue was discovered in WTCMS 1.0. It allows remote attackers to cause a denial of service (resource consum...

CVE-2019-8910HIGH8.8ten sam produkt

An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.

CVE-2018-10267HIGH8.8ten sam produkt

WTCMS 1.0 has a CSRF vulnerability to add an administrator account via the index.php?admin&m=user&a=add_post U...

CVE-2025-13782MEDIUM5.5ten sam produkt

A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Affected by thi...