virus logo FortiClient Vulnerability

PHP CVE-2018-19520 Code Injection Vulnerability

description-logoDescription

An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace \'e\' calls, allowing users to execute arbitrary code by leveraging access to admin template management.

affected-products-logoAffected Applications

PHP

CVE References

CVE-2018-19520

Other References

https://nvd.nist.gov/vuln/detail/CVE-2018-19520
ID 61993
Created Jan 09, 2020
Description
Updated		 Dec 19, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor PHP
Patch manual
Application PHP