CVE-2017-16903
CRITICALLvyeCMS < 3.1 - Unauthenticated Path Traversal and Arbitrary PHP File Write via Template Style Add Request
Title source: llmDescription
LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php.
References (1)
Core 1
Core References
Exploit x_refsource_misc
https://github.com/SQYY/CVE/blob/master/Lvyecms_G.txt
Scores
CVSS v3
9.8
EPSS
0.0205
EPSS Percentile
78.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (1)
lvyecms_project/lvyecms
< 3.1
Published
Nov 20, 2017
Tracked Since
Feb 18, 2026