Description
AbanteCart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog > Media Manager > Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type).
Remediation
References