CVE-2018-18892: Code Injection
First published: Thu Nov 01 2018(Updated: )
MiniCMS 1.10 allows execution of arbitrary PHP code via the install.php sitename parameter, which affects the site_name field in mc_conf.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 1234n Minicms | =1.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2018-18892.
What is the severity rating of CVE-2018-18892?
CVE-2018-18892 has a severity rating of 9.8 (Critical).
How does CVE-2018-18892 affect MiniCMS 1.10?
CVE-2018-18892 allows execution of arbitrary PHP code through the sitename parameter in install.php, affecting the site_name field in mc_conf.php in MiniCMS 1.10.
What is the CVE ID mentioned in the references for CVE-2018-18892?
The CVE ID mentioned in the references for CVE-2018-18892 is CVE-2018-18892.
What is the Common Weakness Enumeration (CWE) ID for CVE-2018-18892?
The Common Weakness Enumeration (CWE) ID for CVE-2018-18892 is CWE-94.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/1234n
- canonical/1234n minicms
- version/1234n minicms/1.10