CVE-2018-18426: Code Injection
First published: Wed Oct 17 2018(Updated: )
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| S-cms S-cms | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2018-18426.
What is the severity level of CVE-2018-18426?
CVE-2018-18426 has a severity level of critical (8.8).
What does CVE-2018-18426 allow remote attackers to do?
CVE-2018-18426 allows remote attackers to execute arbitrary PHP code.
What is the affected software version?
The affected software version is s-cms 3.0.
How can I fix CVE-2018-18426?
To fix CVE-2018-18426, update your s-cms installation to the latest version available.
- collector/nvd-index
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/s-cms
- canonical/s-cms s-cms
- version/s-cms s-cms/3.0