CVE-2019-9042
NONE EPSS 78.6%
Published Feb 23, 20197y ago · Modified Jun 17, 20262w ago
Published Feb 23, 2019 7y ago
Last Modified Jun 17, 2026 2w ago
Description
An issue was discovered in Sitemagic CMS v4.4. In the index.php?SMExt=SMFiles URI, the user can upload a .php file to execute arbitrary code, as demonstrated by 404.php. This can only occur if the administrator neglects to set FileExtensionFilter and there are untrusted user accounts. NOTE: The maintainer states that this is not a vulnerability but a feature used in conjunction with External Modules
Threat Intelligence
EPSS Exploit Probability
78.6% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-434 Unrestricted Upload of File with Dangerous Type Resource Mgmt
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| sitemagic | sitemagic_cms | 4.4 | any |
References 1
- iwantacve.cn http://www.iwantacve.cn/index.php/archives/116/
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.