PT-2019-19777 · Sdcms · Sdcms

Published: 2019-03-11 · Updated: 2019-03-11 · CVE-2019-9651

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SDCMS version 1.7

Description: An issue in the themecontroller.php file allows PHP code execution because of insufficient filtering in the check_bad() function. The filter does not strictly block all dangerous PHP functions (system, for example), and it only rejects the lowercase ".php" extension, so a file named with ".PHP" passes the check.

Recommendations: For SDCMS version 1.7, as a temporary workaround, consider disabling the check_bad() function or restricting its use until a patch is available. Additionally, restrict access to the themecontroller.php file to minimize the risk of exploitation. Avoid using the system function in the affected controller until the issue is resolved.
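The two filtering gaps named in the description (a blocklist of function names that is not exhaustive, and a case-sensitive extension comparison) are a general pattern rather than something specific to SDCMS. The following PHP is an added illustration, not code from SDCMS or from this advisory: `weak_check_bad()` is a hypothetical stand-in for the kind of check the description refers to, and `hardened_check()` shows the defensive alternative (allowlist of template extensions compared case-insensitively, rejection of any PHP open tag in the content, no reliance on a function-name blocklist). File names and contents in `$cases` are constructed; the code assumes PHP 8 or later for `str_contains()` and `str_ends_with()`.

```php
<?php
declare(strict_types=1);

// Hypothetical weak check (illustration only, not SDCMS code): an exact,
// case-sensitive match on ".php" plus a short blocklist of function names.
// ".PHP", ".Php" and any function not on the list all slip through.
function weak_check_bad(string $filename, string $content): bool
{
    if (str_ends_with($filename, '.php')) {
        return false;
    }
    foreach (['eval', 'exec'] as $fn) {
        if (str_contains($content, $fn)) {
            return false;
        }
    }
    return true;
}

// Hardened check (hypothetical): only explicitly allowed template extensions,
// compared after lower-casing; no path components or null bytes; and any PHP
// open tag in the content is rejected regardless of case.
function hardened_check(string $filename, string $content): bool
{
    $allowed = ['html', 'htm', 'css', 'js', 'txt'];

    // A theme file name must be a bare name: no directory parts, no NUL.
    if ($filename !== basename($filename) || str_contains($filename, "\0")) {
        return false;
    }

    // Case-insensitive allowlist: "theme.PHP" and "theme.php" are treated alike
    // and both fall outside the allowed set.
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return false;
    }

    // Content must not contain a PHP open tag ("<?php", "<?=", or bare "<?"),
    // matched case-insensitively, so a blocklist of function names is unnecessary.
    if (preg_match('/<\?(?:php\b|=)?/i', $content) === 1) {
        return false;
    }
    return true;
}

// Constructed inputs: [file name, file content, what the weak check returns,
// what the hardened check returns].
$cases = [
    ['theme.html', '<h1>Hello</h1>',            true,  true],   // benign template
    ['theme.php',  '<?php echo 1; ?>',          false, false],  // both reject lowercase
    ['theme.PHP',  '<?php echo 1; ?>',          true,  false],  // the gap: uppercase passes weak
    ['theme.html', '<?PHP echo 1; ?>',          true,  false],  // PHP tag hidden in an allowed type
    ['../x.html',  '<h1>x</h1>',                true,  false],  // path traversal in the name
];

foreach ($cases as [$name, $content, $expectWeak, $expectHard]) {
    $weak = weak_check_bad($name, $content);
    $hard = hardened_check($name, $content);
    assert($weak === $expectWeak && $hard === $expectHard);
    printf("%-12s weak=%s hardened=%s\n", $name, var_export($weak, true), var_export($hard, true));
}
```

Run with `php -d zend.assertions=1 example.php`. The third and fourth rows are the point: an uppercase extension, or a PHP tag inside a file the filter already trusts, sails past a case-sensitive blocklist but is stopped by an allowlist that normalises case and inspects content for open tags rather than for particular function names.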

Exploit

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2019-9651

Affected Products

Sdcms