VYPR
Critical severity9.8NVD Advisory· Published Oct 31, 2018· Updated Jun 17, 2026

CVE-2018-18874

CVE-2018-18874

Description

nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.