Description
Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension.
Remediation
References
Related Vulnerabilities
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3)
Wordpress Plugin Backup Migration CVE-2023-6271 Vulnerability (CVE-2023-6271)
ownCloud Other Vulnerability (CVE-2014-2055)
WordPress Plugin Quick Paypal Payments Multiple Vulnerabilities (5.7.25)
WordPress Plugin Mang Board WP Unspecified Vulnerability (2.0.5)