yiifans/lulucms

Releases0

Stars138

One CMS powerd by Yii2.0 ( please use lulucms2 )

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-18771 ↗	Oct 29, 2018Monday, 29 October 2018, 12:29	—	5 MEDIUM
An issue was discovered in LuLu CMS through 2015-05-14. backend\modules\filemanager\controllers\DefaultController.php allows arbitrary file upload by entering a filename, directory name, and PHP code into the three text input fields.