cvedb.io
CVE-2018-19127
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2018-11-09T12:29:00.293 · Last modified 2026-06-17T01:48:49.853

Summary

A code injection vulnerability in /type.php in PHPCMS 2008 allows attackers to write arbitrary content to a website cache file with a controllable filename, leading to arbitrary code execution. The PHP code is sent via the template parameter, and is written to a data/cache_template/*.tpl.php file along with a "<?php function " substring.

Affected products

phpcms — phpcms

Does this affect you?

Add your gear to cvedb and we'll alert you only when phpcms ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.