Description

ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.

Remediation

References

CVE-2004-2262

Related Vulnerabilities

WordPress Plugin Two Factor Authentication Cross-Site Request Forgery (1.3.12)

WordPress Plugin LearnPress-WordPress LMS Security Bypass (4.1.4.1)

phpMyAdmin URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1000013)

Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-42029)

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler Cross-Site Scripting (5.8.1)

Severity

Medium

Classification

CVE-2004-2262

Tags

Missing Update Known Vulnerabilities