CVE-2018-14579

CRITICAL

GolemCMS < 2008-12-24 - Remote Code Execution via Install Table Prefix Field

Title source: llm

Description

GolemCMS through 2008-12-24, if the install/ directory remains active after an installation, allows remote attackers to execute arbitrary PHP code by inserting this code into the "Database Information" "Table prefix" form field, or obtain sensitive information via a direct request for install/install.sql.

Scores

CVSS v3 9.8
EPSS 0.0160
EPSS Percentile 72.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
golemcms_project/golemcms < 2008-12-24
Published Jul 24, 2018
Tracked Since Feb 18, 2026