Arbitrary PHP Code Execution in baserCMS ThemeConfig Logo Parameter
CVE-2018-18942 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter.
Learn more about our Cms Pen Testing.