ClassCMS <=4.8 is vulnerable to file inclusion in the...
Critical severity
Unreviewed
Published
Oct 16, 2024
to the GitHub Advisory Database
•
Updated Oct 17, 2024
Description
Published by the National Vulnerability Database
Oct 16, 2024
Published to the GitHub Advisory Database
Oct 16, 2024
Last updated
Oct 17, 2024
ClassCMS <=4.8 is vulnerable to file inclusion in the nowView method in/class/cms/cms.php, which can include a file uploaded to the/class/template directory to execute PHP code.
References