Description
An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function that attempts to block certain PHP functions such as eval, but it does not block preg_replace calls that use the 'e' (eval) modifier, so a user with access to admin template management can execute arbitrary code.
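The weakness described above is a blocklist that matches a few function names but misses an equivalent code-execution path. The following Python script is an added example, not SDCMS code or a reconstruction of its check_bad function: it contrasts a constructed naive substring blocklist with a hardened check that also flags preg_replace/preg_filter calls whose pattern literal carries the 'e' modifier. All function names, templates and the hypothetical names naive_check_bad, hardened_check_bad and pattern_has_e_modifier are assumptions for illustration.

```python
from __future__ import annotations

import re

# Constructed approximation of a naive "bad function" filter of the kind the
# advisory describes: plain substring matching on a handful of names. It is
# illustrative only, not SDCMS's actual check_bad implementation.
NAIVE_BLOCKLIST = ("eval", "system", "exec", "passthru", "shell_exec")


def naive_check_bad(template_src: str) -> bool:
    """True if any blocklisted name occurs anywhere in the template source."""
    lowered = template_src.lower()
    return any(name in lowered for name in NAIVE_BLOCKLIST)


# Call-site match for blocklisted functions: word boundary plus an opening
# parenthesis, so 'retrieval' or '$exec_count' are not false positives.
_CALL_RE = re.compile(
    r"\b(eval|system|exec|passthru|shell_exec|create_function)\s*\(",
    re.IGNORECASE,
)

# preg_replace()/preg_filter() whose first argument is a single- or
# double-quoted string literal; the literal body is captured as 'pat'.
_PREG_LITERAL_RE = re.compile(
    r"""preg_(?:replace|filter)\s*\(\s*(['"])(?P<pat>(?:\\.|(?!\1).)*)\1""",
    re.IGNORECASE | re.DOTALL,
)

# PCRE bracket-style delimiters close with their counterpart; any other
# delimiter (/, #, ~, ...) closes with the same character.
_DELIM_PAIRS = {"(": ")", "[": "]", "{": "}", "<": ">"}


def pattern_has_e_modifier(pattern: str) -> bool:
    """Given the body of a PHP regex literal (e.g. '/foo/ie'), return True if
    the modifier string after the closing delimiter contains 'e'."""
    pattern = pattern.lstrip()
    if not pattern:
        return False
    open_delim = pattern[0]
    close_delim = _DELIM_PAIRS.get(open_delim, open_delim)
    end = pattern.rfind(close_delim)
    if end <= 0:
        return False
    return "e" in pattern[end + 1:]


def hardened_check_bad(template_src: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    for m in _CALL_RE.finditer(template_src):
        findings.append(f"call to {m.group(1).lower()}()")
    for m in _PREG_LITERAL_RE.finditer(template_src):
        if pattern_has_e_modifier(m.group("pat")):
            findings.append("preg_replace/preg_filter with /e modifier")
    return findings


# Constructed sample templates (not taken from SDCMS).
BENIGN = '<h1><?php echo htmlspecialchars($title); ?></h1>'
EVAL_TEMPLATE = '<?php eval($snippet); ?>'
PREG_E_TEMPLATE = "<?php echo preg_replace('/(\\w+)/e', 'ucfirst(\"\\\\1\")', $name); ?>"
FALSE_POSITIVE = '<?php echo $retrieval_count; ?>'

if __name__ == "__main__":
    samples = [
        ("benign", BENIGN),
        ("eval", EVAL_TEMPLATE),
        ("preg /e", PREG_E_TEMPLATE),
        ("false positive", FALSE_POSITIVE),
    ]
    for label, src in samples:
        print(f"{label:15} naive={naive_check_bad(src)!s:5} hardened={hardened_check_bad(src)}")
```

Running the script shows the gap the advisory describes: the naive filter rejects the eval template (and the harmless "$retrieval_count" one) but accepts the preg_replace '/e' template, while the hardened check flags both code-execution paths and nothing else. Even the hardened version is still a blocklist and should be treated as a detection aid rather than a fix; the durable remediation is to stop accepting raw PHP from the template editor (for example by rendering templates through an engine that does not evaluate PHP) and to run on a PHP release where the 'e' modifier no longer exists, since it was deprecated in PHP 5.5 and removed in PHP 7.0.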
Remediation
References
Related Vulnerabilities
PHP Numeric Errors Vulnerability (CVE-2009-5016)
WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more PHAR Deserialization (2.9.8.5)
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-46695)
WordPress Plugin Sabre 'tools.php' Cross-Site Scripting (1.2.0)
WordPress Plugin FCChat Widget 'Upload.php' Arbitrary File Upload (2.2.13.1)