Description
Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of preferences and a missing file" are required.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2012-0507 Vulnerability (CVE-2012-0507)
WordPress Plugin Gallery-Video Gallery and Youtube Gallery Cross-Site Scripting (1.2.4)
WordPress 4.6.x Cross-Site Request Forgery (4.6 - 4.6.13)
WordPress Plugin WP iCommerce-the first interactive ecommerce for wordpress SQL Injection (1.1.1)
WordPress Plugin Eventify-Simple Events 'npath' Parameter Remote File Include (1.7.g)