Description
An issue was discovered in SDCMS 1.6 running on PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but it does not prevent preg_replace calls that use the 'e' (eval) modifier, allowing users with access to admin template management to execute arbitrary code.
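As an added illustration (not SDCMS's own code), a small Python scanner shows why a function-name blacklist of the check_bad kind does not cover preg_replace with the 'e' modifier, and how a template check can flag that modifier directly; the blacklist contents and function names are assumptions chosen for the demonstration.

```python
import re

# Constructed keyword blacklist in the style of a check_bad-type filter
# (assumption for illustration; not SDCMS's actual list).
BLOCKED_FUNCTIONS = ("eval", "assert", "system", "exec", "passthru", "shell_exec")

# Matches preg_replace('<delim>pattern<delim>modifiers', ...) and captures the
# delimiter characters and the trailing modifier letters. PHP allows any
# non-alphanumeric, non-backslash, non-whitespace character as the delimiter.
_PREG_CALL = re.compile(
    r"preg_replace\s*\(\s*(?P<q>['\"])"
    r"(?P<delim>[^\sA-Za-z0-9\\])"
    r"(?P<body>.*?)"
    r"(?P<close>[^\sA-Za-z0-9\\])"
    r"(?P<mods>[A-Za-z]*)(?P=q)",
    re.DOTALL | re.IGNORECASE,
)
# Bracket-style delimiters close with their counterpart, not the same character.
_BRACKET_PAIRS = {"(": ")", "[": "]", "{": "}", "<": ">"}


def keyword_blacklist_check(src: str) -> bool:
    """Weak check: True if a blacklisted function name is called.

    A call such as preg_replace with the 'e' modifier contains none of these
    names, so this check alone lets it through.
    """
    return any(re.search(rf"\b{name}\s*\(", src, re.IGNORECASE) for name in BLOCKED_FUNCTIONS)


def find_preg_replace_e(src: str) -> list[str]:
    """Return the pattern bodies of preg_replace calls whose modifiers include 'e'."""
    hits = []
    for m in _PREG_CALL.finditer(src):
        open_d, close_d = m.group("delim"), m.group("close")
        if close_d != _BRACKET_PAIRS.get(open_d, open_d):
            continue  # not a well-formed delimiter pair; skip
        if "e" in m.group("mods"):  # the modifier is case-sensitive in PCRE
            hits.append(m.group("body"))
    return hits


def template_is_safe(src: str) -> bool:
    """Combined check: blacklist plus an explicit test for the 'e' modifier."""
    return not keyword_blacklist_check(src) and not find_preg_replace_e(src)
```

The 'e' modifier was deprecated in PHP 5.5 and removed in PHP 7.0, which is why the issue is specific to the PHP 5.x builds the description names; a template filter should still reject it, since templates may be deployed on older interpreters.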