High severity8.8NVD Advisory· Published Mar 24, 2018· Updated Jun 17, 2026
CVE-2018-8972
CVE-2018-8972
Description
Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in the functionality for updating the site configuration, which allows remote attackers to inject arbitrary PHP code, as demonstrated by a PHP shell that calls eval on request parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1- github.com/CREDITWEST/CWCMS/issues/1nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.