2018-10-30 06:00:00
mitre
PUBLISHED
upload_template() in system/changeskin.php in DocCms 2016.5.12 allows remote attackers to execute arbitrary PHP code via a template file.