Vulnerability Details CVE-2017-16903
LvyeCMS through 3.1 allows remote attackers to upload and execute arbitrary PHP code via directory traversal sequences in the dir parameter, in conjunction with PHP code in the content parameter, within a template Style add request to index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2017-16903
-
cpe:2.3:a:lvyecms_project:lvyecms:*