CVE-2018-16975
Description
An issue was discovered in Elefant CMS before 2.0.7. There is a PHP Code Execution Vulnerability in /designer/add/stylesheet.php by using a .php extension in the New Stylesheet Name field in conjunction with <?php content, because of insufficient input validation in apps/designer/handlers/csspreview.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Elefant CMS before 2.0.7 allows PHP code execution via crafted stylesheet name in /designer/add/stylesheet.php.
Vulnerability
Elefant CMS versions prior to 2.0.7 contain a PHP code execution vulnerability in the /designer/add/stylesheet.php endpoint. The issue arises from insufficient input validation in apps/designer/handlers/csspreview.php, which allows an attacker to supply a .php extension in the "New Stylesheet Name" field along with <?php content. This enables the creation of a file that is interpreted as PHP code by the server [1][3].
Exploitation
An attacker must have access to the designer interface, which typically requires administrative privileges in the CMS. The attacker navigates to /designer/add/stylesheet.php, enters a stylesheet name ending with .php (e.g., shell.php), and includes arbitrary PHP code in the content field. Upon saving, the file is written to the server with a .php extension and can be executed by accessing it directly [1][3].
Impact
Successful exploitation allows the attacker to execute arbitrary PHP code on the web server. This can lead to full compromise of the CMS, including data theft, file manipulation, and potential lateral movement within the hosting environment [1].
Mitigation
The vulnerability is fixed in Elefant CMS version 2.0.7, released on September 12, 2018 [4]. Users should upgrade to this version or later immediately. No workarounds are documented; upgrading is the only recommended mitigation [4].
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
elefant/cmsPackagist | < 2.0.7 | 2.0.7 |
Affected products
1Patches
10795ab57c7ffFixed CSS preview including PHP tags, re: #286
1 file changed · +2 −2
apps/designer/handlers/csspreview.php+2 −2 modified@@ -23,7 +23,7 @@ } } if ($_GET['css'] && preg_match ('/^(layouts|css)\/[a-z0-9\/ _-]+\.css$/i', $_GET['css'])) { - $page->layout = str_replace ('</head>', '<style>' . file_get_contents ($_GET['css']) . '</style></head>', $page->layout); + $page->layout = str_replace ('</head>', '<style>' . strip_tags (file_get_contents ($_GET['css'])) . '</style></head>', $page->layout); } } else { if (! empty ($_POST['layout'])) { @@ -36,7 +36,7 @@ } } if ($_POST['css']) { - $page->layout = str_replace ('</head>', '<style>' . $_POST['css'] . '</style></head>', $page->layout); + $page->layout = str_replace ('</head>', '<style>' . strip_tags ($_POST['css']) . '</style></head>', $page->layout); } }
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-x2w2-qgv6-8xrmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-16975ghsaADVISORY
- github.com/jbroadway/elefant/commit/0795ab57c7ffa53ff4af57e229f6d9680fa54a21ghsax_refsource_MISCWEB
- github.com/jbroadway/elefant/issues/286ghsax_refsource_MISCWEB
- github.com/jbroadway/elefant/releases/tag/elefant_2_0_7_stableghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.