Skip to main content
CVE-2018-19127 CRITICAL POC THREAT Act Now

A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE PHP Phpcms
NVD GitHub
CVSS 3.0
9.8
EPSS
20.8%
CVE-2018-19126 CRITICAL POC PATCH THREAT Act Now

PrestaShop 1.6.x before 1.6.1.23 and 1.7.x before 1.7.4.4 allows remote attackers to execute arbitrary code via a file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload RCE Prestashop
NVD GitHub Exploit-DB
CVSS 3.0
9.8
EPSS
22.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy