RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote malicious users to upload arbitrary files.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
e-xoops e-xoops 1.05r3 |
||
runcms runcms 1.1 |
||
runcms runcms 1.1a |