Arbitrary PHP Code Execution and File Read Vulnerability in BageCMS 3.1.3
CVE-2018-18258 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI.
Learn more about our Web App Pen Testing.