2018-11-05 08:00:00
mitre
PUBLISHED
In baserCMS before 4.1.4, libBaserModelThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter.