Remote Code Execution in LvyeCMS 3.1 via Directory Traversal and PHP Code Injection
CVE-2017-16903 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php.
Learn more about our Cms Pen Testing.