Security Advisory

CVE-2019-9651

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-03-11 01:00:00

Last updated 2024-08-04 21:54:45

Assigner mitre

State PUBLISHED

Description

An issue was discovered in SDCMS V1.7. In the appadmincontrollerthemecontroller.php file, the check_bad() functions filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions (such as "eval") are blocked but others (such as "system") are not, and because ".php" is blocked but ".PHP" is not blocked.

← Browse all CVEs View on cve.org ↗