CVE-2019-9651
SDCMS V1.7 - Remote Code Execution via Theme Controller File Upload
Severity
CRITICAL
An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the check_bad() function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions (such as "eval") are blocked but others (such as "system") are not, and because ".php" is blocked but ".PHP" is not blocked.
References (1)
Exploit, Third Party Advisory (x_refsource_misc)
http://www.iwantacve.cn/index.php/archives/155/
Scores
CVSS v3
9.8
EPSS
0.0256
EPSS Percentile
83.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (1)
sdcms/sdcms
1.7
Published
Mar 11, 2019
Tracked Since
Feb 18, 2026