Description

ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.

Remediation

References

CVE-2004-2262

Related Vulnerabilities

WordPress Plugin LetsRecover-WooCommerce Abandoned Cart Notifications Multiple SQL Injection Vulnerabilities (1.1.0)

Python Other Vulnerability (CVE-2016-3189)

Oracle Database Server CVE-2024-21184 Vulnerability (CVE-2024-21184)

WordPress Plugin Newsletter Subscription Form Possible Remote Code Execution (1.1.2)

MySQL CVE-2012-3177 Vulnerability (CVE-2012-3177)

Severity

Medium

Classification

CVE-2004-2262

Tags

Missing Update Known Vulnerabilities