Security Advisory

CVE-2018-8972

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-03-24 22:00:00

Last updated 2024-09-17 02:10:48

Assigner mitre

State PUBLISHED

Description

Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters.

← Browse all CVEs View on cve.org ↗