PT-2018-13503 · Seacms · Seacms
Publicado
2018-09-02
·
Atualizado
2018-11-13
·
CVE-2018-16343
CVSS v3.1
7.2
Alta
| Vetor | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SeaCMS version 6.61
Description
The issue allows remote attackers to execute arbitrary code. This is due to the
parseIf() function in include/main.class.php not blocking the use of $GLOBALS.Recommendations
For SeaCMS version 6.61, consider modifying the
parseIf() function in include/main.class.php to block the use of $GLOBALS as a temporary workaround until a patch is available. Restrict access to the parseIf() function to minimize the risk of exploitation.Exploit
Correção
Code Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Seacms