CVE-2017-16903

Published: 2017-11-20T19:29Z

Last Modified: 2024-11-21T03:17Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt