PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote malicious users to inject arbitrary Javascript by uploading non-image files with an image extension such as .gif.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
photopost photopost php pro 5.0_rc3 |