Vulnerabilities > Sdcms > Sdcms > 1.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-11-29 | CVE-2018-19748 | Path Traversal vulnerability in Sdcms 1.6 app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. | 5.0 |
2018-11-25 | CVE-2018-19520 | Code Injection vulnerability in multiple products An issue was discovered in SDCMS 1.6 with PHP 5.x. | 6.5 |