Remote Code Execution in Axublog 1.1.0 via Injection of PHP Code in webkeywords Parameter

Remote Code Execution in Axublog 1.1.0 via Injection of PHP Code in webkeywords Parameter

CVE-2018-10740 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Axublog 1.1.0 allows remote Code Execution as demonstrated by injection of PHP code (contained in the webkeywords parameter) into the cmsconfig.php file.

Learn more about our Web App Pen Testing.