CVE-2018-18426 · Vexday

CVE-2018-18426

EPSS 2.4%

s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter.

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.s-cms.cn/update.html http://www.ttk7.cn/post-93.html