Remote Code Execution in LvyeCMS 3.1 via Directory Traversal and PHP Code Injection

Remote Code Execution in LvyeCMS 3.1 via Directory Traversal and PHP Code Injection

CVE-2017-16903 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php.

Learn more about our Cms Pen Testing.