Arbitrary PHP Code Execution and File Read Vulnerability in BageCMS 3.1.3

Arbitrary PHP Code Execution and File Read Vulnerability in BageCMS 3.1.3

CVE-2018-18258 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An issue was discovered in BageCMS 3.1.3. The attacker can execute arbitrary PHP code on the web server and can read any file on the web server via an index.php?r=admini/template/updateTpl&filename= URI.

Learn more about our Web App Pen Testing.