Remote Code Execution via Multipart/Form-Data POST in damiCMS V6.0.1

CVE-2018-16238 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

An issue was discovered in damiCMS V6.0.1. Remote code execution can occur via PHP code in a multipart/form-data POST to the admin.php?s=/Tpl/Update.html URI. For example, this can update the Web/Tpl/default/head.html file.

Learn more about our Web App Pen Testing.