The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote malicious users to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the image validity check but executes any PHP code within the file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
efiction project efiction 1.1 |