CVE-2018-18874

Published October 31st, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI.

gnat/nc-cms

:bulb: Embeddable, lightweight, simple PHP CMS. Content Management System.

GitHub