An issue was discovered in DuomiCMS 3.0. Remote PHP code execution is possible via the search.php searchword parameter because "eval" is used during "if" processing.
References
Link | Resource |
---|---|
https://github.com/Mochazz/Mochazz.github.io/blob/master/2018/09/30/DuomiCms3.0%E6%9C%80%E6%96%B0%E7%89%88%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98/index.html | Exploit Third Party Advisory |
https://mochazz.github.io/2018/09/30/DuomiCms3.0%E6%9C%80%E6%96%B0%E7%89%88%E6%BC%8F%E6%B4%9E%E6%8C%96%E6%8E%98/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-10-09T18:00:00
Updated: 2018-10-09T18:57:01
Reserved: 2018-10-09T00:00:00
Link: CVE-2018-18083
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-10-09T18:29:00.427
Modified: 2018-11-29T14:34:41.320
Link: CVE-2018-18083
JSON object: View
Redhat Information
No data.
CWE