Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and previous versions allows remote malicious users to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
etomite etomite |
||
etomite etomite 0.6 |