admin/upload.php in imageVue 16.1 allows remote malicious users to upload arbitrary files to certain allowed folders via .. (dot dot) sequences in the path parameter. NOTE: due to the lack of details, the specific vulnerability type cannot be determined, although it might be due to directory traversal.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
imagevue imagevue 0.16.1 |