Description
ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server.
Remediation
References
Related Vulnerabilities
WordPress Plugin Name Directory Cross-Site Scripting (1.7.6)
WebLogic CVE-2018-1257 Vulnerability (CVE-2018-1257)
WordPress Plugin Child Themes Helper Multiple Vulnerabilities (2.0)
Oracle Database Server CVE-2015-2585 Vulnerability (CVE-2015-2585)
WordPress 4.2.x Possible SQL Injection Vulnerability (4.2 - 4.2.16)