Critical severity9.8NVD Advisory· Published Sep 12, 2018· Updated Jun 17, 2026
CVE-2018-16974
CVE-2018-16974
Description
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in apps/filemanager/upload/drop.php by using /filemanager/api/rm/.htaccess to remove the .htaccess file, and then using a filename that ends in .php followed by space characters (for bypassing the blacklist).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
elefant/cmsPackagist | < 2.0.7 | 2.0.7 |
Affected products
1Patches
Vulnerability mechanics
References
5- github.com/jbroadway/elefant/commit/49ba8cc24e9f009ce30d2c2eb9eefeb9be4ce1d0nvdPatchThird Party AdvisoryWEB
- github.com/jbroadway/elefant/issues/287nvdExploitPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-77j2-7whr-6vpxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-16974ghsaADVISORY
- github.com/jbroadway/elefant/releases/tag/elefant_2_0_7_stablenvdRelease NotesWEB
News mentions
0No linked articles in our index yet.