Description

e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.

Remediation

References

CVE-2018-16388

Related Vulnerabilities

markdown-it Inefficient Regular Expression Complexity Vulnerability (CVE-2015-10005)

MediaWiki Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2021-41799)

WordPress Plugin Absolute Privacy 'abpr_authenticateUser()' Security Bypass (2.0.5)

Oracle JRE CVE-2012-5079 Vulnerability (CVE-2012-5079)

WordPress Plugin Justified Gallery Cross-Site Scripting (1.7.0)

Severity

High

Classification

CVE-2018-16388 CWE-434 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities