Description
AbanteCart through 1.3.2 allows a remote authenticated administrator to execute arbitrary code on the server by uploading a PHP file through the Media Manager. The list of file extensions accepted as images under Catalog > Media Manager > Images is editable from the administration panel, so an administrator can add .php as a valid image file type, upload a file with that extension, and then execute it by requesting it from the web server. The weakness is that the upload filter is an extension allowlist that the (potentially compromised or malicious) admin role is allowed to change, rather than a fixed set of image types enforced by the application.
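The following is an added example and is not AbanteCart's own code. It shows the two halves of the issue: an audit function that flags server-executable extensions in a configurable "image types" list (the format, a comma-separated string, is assumed for the demo), an extension-only validator of the kind that becomes RCE once an admin adds .php, and a hardened validator that uses a fixed image allowlist plus a file-signature check and rejects names like shell.php.png. All function names and the sample inputs are constructed for illustration.

```python
"""Audit an image-upload extension allowlist and validate uploads by content.

Added example, not AbanteCart code. The configuration format (a comma- or
whitespace-separated list of extensions) and all sample values are assumed.
"""
import re

# Extensions that a typical Apache/nginx + PHP deployment hands to a script
# engine or treats as configuration. Any of these in an "image" allowlist
# turns the image uploader into a remote code execution primitive.
SERVER_EXECUTABLE_EXTENSIONS = frozenset({
    "php", "php3", "php4", "php5", "php7", "php8", "phtml", "phar", "pht",
    "phps", "shtml", "cgi", "pl", "py", "asp", "aspx", "jsp", "jspx", "htaccess",
})

# Fixed allowlist of raster formats whose file signature we can verify.
IMAGE_MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def normalize_ext(ext: str) -> str:
    """Lower-case an extension and drop surrounding whitespace and a leading dot."""
    return ext.strip().lstrip(".").lower()


def parse_allowlist(configured: str) -> set:
    """Split an admin-supplied extension list (constructed format) into a set."""
    return {normalize_ext(e) for e in re.split(r"[,\s]+", configured) if e.strip()}


def audit_extension_allowlist(configured: str) -> list:
    """Return configured entries that would let a server-side script be uploaded."""
    return sorted(parse_allowlist(configured) & SERVER_EXECUTABLE_EXTENSIONS)


def vulnerable_accepts(filename: str, configured: str) -> bool:
    """Extension-only check against an admin-editable list (the weak pattern).

    The check is only as strong as the list; once ".php" is added it passes.
    """
    ext = normalize_ext(filename.rsplit(".", 1)[-1])
    return ext in parse_allowlist(configured)


def hardened_accepts(filename: str, content: bytes) -> bool:
    """Fixed image allowlist + signature check; the list is not admin-editable.

    Also rejects names with an executable extension in any dotted component
    (e.g. "shell.php.png"), which some web server handler configurations
    would still pass to the script engine.
    """
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return False
    name_parts, ext = parts[:-1], parts[-1]
    if ext not in IMAGE_MAGIC:
        return False
    if any(p in SERVER_EXECUTABLE_EXTENSIONS for p in name_parts):
        return False
    return any(content.startswith(magic) for magic in IMAGE_MAGIC[ext])


if __name__ == "__main__":
    # Constructed admin setting: an image list with ".PHP" and "phtml" slipped in.
    weakened = "jpg, jpeg, png, gif, .PHP, phtml"
    print("dangerous entries:", audit_extension_allowlist(weakened))
    print("vulnerable check accepts shell.php:", vulnerable_accepts("shell.php", weakened))
    print("hardened check accepts shell.php:", hardened_accepts("shell.php", b"<?php system($_GET['c']); ?>"))
    print("hardened check accepts logo.png:", hardened_accepts("logo.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"))
```

The signature check does not stop a polyglot (a valid PNG that also carries PHP source) from being stored; what keeps that file harmless is that it can never acquire a script-engine extension and is never served through one. In deployment the upload directory should additionally have script execution disabled (or sit outside the web root), so that a future configuration mistake in the allowlist does not again become code execution.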
Remediation
References
Related Vulnerabilities
WordPress Plugin Contact Form Clean and Simple Cross-Site Scripting (4.4.0)
Internet Information Services Improper Input Validation Vulnerability (CVE-2009-4445)
Elgg Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-3964)
PHPFusion Multiple SQL Injection Vulnerabilities (CVE-2014-8596)