PT-2018-12816 · Phpcms · Phpcms

M0Us3Sun · Published 2018-08-05 · Updated 2019-10-03 · CVE-2018-14940

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

PHPCMS version 9

Description

The issue allows remote attackers to cause a denial of service, specifically resource consumption, by sending a request to the "api.php?op=checkcode" endpoint with large values for the font size, height, and width parameters.

Recommendations

For PHPCMS version 9, consider restricting access to the "api.php?op=checkcode" endpoint or limiting the values that can be passed for the font size, height, and width parameters to prevent denial of service attacks.
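To check whether the endpoint is already receiving such requests, the following added example (not part of the advisory or of PHPCMS) scans web access logs for "api.php?op=checkcode" requests carrying oversized numeric parameters. The combined log format, the parameter names in the sample lines (`font_size`, `width`, `height`, `code_len`) and the threshold of 500 are assumptions; the detector itself flags any numeric parameter above the limit, whatever its name.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed ceiling for any numeric CAPTCHA parameter; tune it to what your templates really request.
MAX_PARAM_VALUE = 500

# Minimal matcher for the client IP and request target of a combined-format access log line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

def oversized_checkcode_params(target, limit=MAX_PARAM_VALUE):
    """Return {param: value} for numeric query parameters above limit on api.php?op=checkcode."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/api.php"):
        return {}
    # parse_qs percent-decodes values, so width=%39%39%39%39 is seen as 9999.
    query = parse_qs(parts.query, keep_blank_values=True)
    if "checkcode" not in [v.lower() for v in query.get("op", [])]:
        return {}
    hits = {}
    for name, values in query.items():
        for raw in values:
            raw = raw.strip()
            # Compare numerically: "+9999" and "0009999" are the same size to the server.
            if re.fullmatch(r"[+-]?\d+", raw) and abs(int(raw)) > limit:
                hits[name] = int(raw)
    return hits

def scan(lines, limit=MAX_PARAM_VALUE):
    """Yield (client_ip, offending_params) for each log line that exceeds the limit."""
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        hits = oversized_checkcode_params(m.group("target"), limit)
        if hits:
            yield m.group("ip"), hits

# Constructed sample log lines (documentation-range IPs, assumed parameter names).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Aug/2018:10:00:01 +0000] "GET /api.php?op=checkcode&code_len=4&font_size=20&width=130&height=50 HTTP/1.1" 200 2310',
    '198.51.100.7 - - [05/Aug/2018:10:00:02 +0000] "GET /api.php?op=checkcode&font_size=90000&width=90000&height=90000 HTTP/1.1" 500 0',
    '198.51.100.7 - - [05/Aug/2018:10:00:03 +0000] "GET /api.php?op=checkcode&width=%39%39%39%39 HTTP/1.1" 200 0',
    '192.0.2.10 - - [05/Aug/2018:10:00:04 +0000] "GET /index.php?m=content&width=99999 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG):
        print(ip, hits)
```

The same limit can then be enforced at the reverse proxy or in the application, so that the log scan confirms the restriction rather than being the only control.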

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2018-14940

Affected Products

Phpcms