Description
Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets->Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension.
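A server-side check for the pattern described above, applied to the name a file will carry after a replace or rename rather than only to the name it was uploaded with. This is an added example in generic PHP, not Craft CMS code; the function name, the allowlist and the sample file are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed allowlist: final extension => MIME types accepted for it.
const ALLOWED_TYPES = [
    'jpg' => ['image/jpeg'], 'jpeg' => ['image/jpeg'],
    'png' => ['image/png'],  'gif'  => ['image/gif'],
];

/**
 * Validate the name a file will carry AFTER a replace or rename, not only
 * the name it was uploaded with. Returns null if acceptable, else a reason.
 */
function checkReplaceTarget(string $finalName, string $contentPath): ?string
{
    // Bare file names only: no directories, no dotfiles such as .htaccess.
    $base = basename(str_replace('\\', '/', $finalName));
    if ($base !== $finalName || $base === '' || $base[0] === '.') {
        return 'path component or dotfile';
    }
    $parts = explode('.', strtolower($base));
    array_shift($parts);                       // drop the stem
    if ($parts === []) {
        return 'no extension';
    }
    $ext = array_pop($parts);                  // extension of the final name
    if (!isset(ALLOWED_TYPES[$ext])) {
        return "extension .$ext not allowed";
    }
    // Inner segments matter where the web server maps handlers per segment.
    foreach ($parts as $seg) {
        if (preg_match('/^(php\d*|phtml|phar|pht)$/', $seg)) {
            return "script extension .$seg inside name";
        }
    }
    // Content sniffing alone is not enough: a JPEG with PHP appended still
    // reports image/jpeg, so this only catches extension/content mismatches.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($contentPath);
    return in_array($mime, ALLOWED_TYPES[$ext], true)
        ? null : "content type $mime does not match .$ext";
}

// Constructed sample: JPEG magic bytes followed by an inert PHP tag.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00" . '<?php /* marker */ ?>');
foreach (['photo.jpg', 'photo.php', 'photo.php.jpg', '../photo.jpg'] as $name) {
    printf("%-14s %s\n", $name, checkReplaceTarget($name, $tmp) ?? 'accepted');
}
unlink($tmp);
```

The same check belongs on every code path that can set or change a stored file's name, and the upload directory should additionally be served with script execution disabled.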