Arbitrary PHP Code Execution Vulnerability in Maccms 10 Template Rendering

Arbitrary PHP Code Execution Vulnerability in Maccms 10 Template Rendering

CVE-2019-9829 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a template/default_pc/html/art Edit action. This occurs because template rendering uses an include operation on a cache file, which bypasses the prohibition of .php files as templates.

Learn more about our Cms Pen Testing.