Description
Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that "an odd set of preferences and a missing file" are required.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2014-0463 Vulnerability (CVE-2014-0463)
MySQL CVE-2013-3839 Vulnerability (CVE-2013-3839)
WordPress Plugin Omni Secure Files 'upload.php' Arbitrary File Upload (0.1.13)
WordPress Plugin NewStatPress Multiple Vulnerabilities (0.9.8)
OpenSSL Integer Overflow or Wraparound Vulnerability (CVE-2016-2177)