Unrated severity · NVD Advisory · Published Nov 21, 2018 · Updated Aug 5, 2024
CVE-2018-19404
Description
In YXcms 1.4.7, protected/apps/appmanage/controller/indexController.php allows remote authenticated Administrators to execute arbitrary PHP code by creating a ZIP archive containing a config.php file, hosting the .zip file at an external URL, and visiting index.php?r=appmanage/index/onlineinstall&url= followed by that URL. This is related to the onlineinstall and import functions.
Affected products (1)
Patches (0)
No patches discovered yet.
References (1)
- github.com/HF9/yxcms-code-audit/blob/master/Any%20PHP%20Code%20Execution (mitre, x_refsource_MISC)