Unrated severityNVD Advisory· Published Jan 29, 2019· Updated Aug 4, 2024
CVE-2019-7160
CVE-2019-7160
Description
idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php.
Affected products
2= 7.0.13+ 1 more
- (no CPE)range: = 7.0.13
- (no CPE)range: = 7.0.13
Patches
Vulnerability mechanics
References
1- github.com/idreamsoft/iCMS/issues/50mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.