Arbitrary PHP Code Execution in baserCMS ThemeConfig Logo Parameter

CVE-2018-18942 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

In baserCMS before 4.1.4, lib\Baser\Model\ThemeConfig.php allows remote attackers to execute arbitrary PHP code via the admin/theme_configs/form data[ThemeConfig][logo] parameter.