PT-2014-8876 · Morfy · Morfy Cms
Published
2014-12-19
·
Updated
2018-10-09
·
CVE-2014-9185
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Morfy CMS version 1.05
Description
The issue allows remote authenticated users to inject arbitrary PHP code into config.php via the
site url parameter in install.php.Recommendations
For Morfy CMS version 1.05, avoid using the
site url parameter in the install.php file until a fix is available. As a temporary workaround, consider restricting access to the install.php file to minimize the risk of exploitation.Exploit
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Morfy Cms