RSS   Vulnerabilities for 'Aikcms'   RSS

2019-04-27
 
CVE-2019-11568

CWE-434
 

 
An issue was discovered in AikCms v2.0. There is a File upload vulnerability, as demonstrated by an admin/page/system/nav.php request with PHP code in a .php file with the application/octet-stream content type.

 
 
CVE-2019-11567

CWE-89
 

 
An issue was discovered in AikCms v2.0. There is a SQL Injection vulnerability via $_GET['del'], as demonstrated by an admin/page/system/nav.php?del= URI.

 


Copyright 2019, cxsecurity.com

 

Back to Top