VYPR
High severity7.2NVD Advisory· Published Oct 1, 2018· Updated Jun 17, 2026

CVE-2018-17827

CVE-2018-17827

Description

HisiPHP 1.0.8 allows remote attackers to execute arbitrary PHP code by editing a plugin's name to contain that code. This name is then injected into app/admin/model/AdminPlugins.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Hisiphp/Hisiphpinferred2 versions
    = 1.0.8+ 1 more
    • (no CPE)range: = 1.0.8
    • (no CPE)range: <=1.0.8

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.