VYPR
High severity8.8NVD Advisory· Published Mar 11, 2019· Updated Jun 17, 2026

CVE-2019-9652

CVE-2019-9652

Description

There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.