Description
ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.
Remediation
References
Related Vulnerabilities
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3736)
WordPress Plugin My Page Order Cross-Site Scripting (4.3)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-3179)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2987)
Oracle Database Server CVE-2008-1819 Vulnerability (CVE-2008-1819)