Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
PHP Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2018-19520 - Vulnerability Database
PHP

PHP Improper Control of Generation of Code (Code Injection) Vulnerability - CVE-2018-19520

High
Reference: CVE-2018-19520
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2018-19520
Title: PHP Improper Control of Generation of Code (Code Injection) Vulnerability
Overview:

An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval but does not prevent use of preg_replace 39e39 calls allowing users to execute arbitrary code by leveraging access to admin template management.