CVE-2019-8908 (wtcms)

Posted on 2019년 2월 19일2019년 2월 20일 by admin

An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by going to the "Setting -> Mailbox configuration -> Registration email template" screen, and uploading an image file, as demonstrated by a .php filename and the "Content-Type: image/gif" header.

Source: CVE-2019-8908 (wtcms)

답글 남기기 응답 취소