Updated: 2024-11-23 03:04:22.472223
Description:
An issue was discovered in SDCMS 1.6 running on PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but it does not block preg_replace calls that use the 'e' (eval) modifier, so a user with access to admin template management can execute arbitrary code.
| CVSS version | Severity | Score |
|---|---|---|
| CVSS 2.x | MEDIUM | 6.5 |
| CVSS 3.x | HIGH | 8.8 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| EL 6 PHP | php | 7.2 | 8.8 | HIGH | Ignored | | 2024-05-14 17:16:46 | |
| EL 6 PHP | php | 7.3 | 8.8 | HIGH | Ignored | | 2024-05-14 17:16:46 | |
| EL 6 PHP | php | 5.2 | 8.8 | HIGH | Ignored | | 2024-05-14 17:16:47 | |
| EL 6 PHP | php | 5.3 | 8.8 | HIGH | Ignored | | 2024-05-14 17:16:46 | |
| EL 6 PHP | php | 5.4 | 8.8 | HIGH | Ignored | | 2024-05-14 17:16:46 | |
| EL 6 PHP | php | 7.4 | 8.8 | HIGH | Ignored | | 2024-05-14 17:16:41 | |
| EL 6 PHP | php | 8.0 | 8.8 | HIGH | Ignored | | 2024-05-14 17:16:41 | |
| EL 6 PHP | php | 5.5 | 8.8 | HIGH | Ignored | | 2024-05-14 17:16:41 | |
| EL 6 PHP | php | 8.2 | 8.8 | HIGH | Ignored | | 2024-05-14 17:16:40 | |
| EL 6 PHP | php | 5.6 | 8.8 | HIGH | Ignored | | 2024-05-14 17:16:37 | |