File Upload Vulnerability in PopojiCMS by Popoji
CVE-2018-18934

9.8CRITICAL

Key Information:

Vendor

Popojicms

Status
Popojicms
Vendor
CVE Published:
5 November 2018

What is CVE-2018-18934?

A file upload vulnerability exists in PopojiCMS v2.0.1, which allows attackers to exploit the admin_component.php via the URI po-admin/route.php?mod=component&act=addnew. By using the fupload parameter, an attacker can upload a ZIP file containing malicious PHP code. This code is extracted and can then be executed on the server. Additionally, this vulnerability can be exploited through Cross-Site Request Forgery (CSRF), making it critical for users to secure their installations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/PopojiCMS/PopojiCMS/issues/12
x_refsource_MISC
https://github.com/PopojiCMS/PopojiCMS/issues/13
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.