Arbitrary PHP Code Execution in YUNUCMS 1.1.5 via Install.php Vulnerability

Arbitrary PHP Code Execution in YUNUCMS 1.1.5 via Install.php Vulnerability

CVE-2018-19180 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

statics/app/index/controller/Install.php in YUNUCMS 1.1.5 (if install.lock is not present) allows remote attackers to execute arbitrary PHP code by placing this code in the index.php?s=index/install/setup2 DB_PREFIX field, which is written to database.php.

Learn more about our Cms Pen Testing.