Critical severity9.8NVD Advisory· Published Sep 12, 2018· Updated Jun 17, 2026
CVE-2018-16975
CVE-2018-16975
Description
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunction with <?php content, because of insufficient input validation in apps/designer/handlers/csspreview.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
elefant/cmsPackagist | < 2.0.7 | 2.0.7 |
Affected products
1Patches
Vulnerability mechanics
References
5- github.com/jbroadway/elefant/commit/0795ab57c7ffa53ff4af57e229f6d9680fa54a21nvdPatchThird Party AdvisoryWEB
- github.com/jbroadway/elefant/issues/286nvdExploitPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-x2w2-qgv6-8xrmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-16975ghsaADVISORY
- github.com/jbroadway/elefant/releases/tag/elefant_2_0_7_stablenvdRelease NotesWEB
News mentions
0No linked articles in our index yet.