RSS   Vulnerabilities for 'Doccms'   RSS

2019-09-09
 
CVE-2019-16192

CWE-269
 

 
upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allow remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive.

 
2018-10-30
 
CVE-2018-18835

CWE-94
 

 
upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.

 


Copyright 2024, cxsecurity.com

 

Back to Top