Description
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
Remediation
References
Related Vulnerabilities
Jenkins Insufficient Session Expiration Vulnerability (CVE-2019-1003003)
WordPress Plugin You Shang Cross-Site Scripting (1.0.1)
WordPress Plugin Super CAPTCHA 'admin.php' SQL Injection (2.2.4)
WordPress 4.0.x Multiple Vulnerabilities (4.0 - 4.0.15)
WordPress Plugin WPeMatico RSS Feed Fetcher Cross-Site Scripting (2.6.11)