High severity8.8NVD Advisory· Published Jan 1, 2018· Updated Jun 17, 2026
CVE-2018-3814
CVE-2018-3814
Description
Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets->Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
craftcms/cmsPackagist | <= 2.6.3000 | — |
Affected products
1Patches
Vulnerability mechanics
References
4- github.com/Snowty/myCVE/blob/master/CraftCMS-2.6.3000/README.mdnvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-r342-vjc4-wrmjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-3814ghsaADVISORY
- web.archive.org/web/20170612231205/http://0day5.com/archives/4122ghsaWEB
News mentions
0No linked articles in our index yet.