Description
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
Remediation
References
Related Vulnerabilities
PostgreSQL Uncontrolled Search Path Element Vulnerability (CVE-2020-14349)
TCExam Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2021-20113)
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-50721)