Description

e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.

Remediation

References

CVE-2018-16388

Related Vulnerabilities

WordPress Plugin Advanced Woo Search Cross-Site Scripting (2.77)

WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)

WordPress Plugin GlotPress Information Disclosure (2.2.1)

WordPress Plugin Quiz and Survey Master (QSM)-Easy Quiz and Survey Maker Cross-Site Scripting (7.1.13)

Highcharts JS Incorrect Regular Expression Vulnerability (CVE-2018-20801)

Severity

High

Classification

CVE-2018-16388 CWE-434 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities