Description
Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg.
Remediation
References
Related Vulnerabilities
WordPress Plugin Count per Day Multiple Cross-Site Scripting Vulnerabilities (3.5.4)
WordPress Plugin MiniMax-Page Layout Builder Cross-Site Scripting (1.3.4)
WordPress Plugin WordPress Landing Pages Cross-Site Scripting (1.8.7)
phpList Incorrect Comparison Vulnerability (CVE-2020-23361)
Ruby on Rails Improper Input Validation Vulnerability (CVE-2013-1854)