CVE-2019-9829

Type: Code Injection
Severity: Medium
Publication date: 03/15/2019
Last modified: 03/15/2019
Description
Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates.
Impact
Access Vector: Network
Access Complexity: Low
Authentication: Requires a single instance of authentication to exploit
Impact Type: Partial impact on system integrity, confidentiality and availability
Vulnerable software and versions
  • Maccms Maccms 10.0