Unrestricted file upload vulnerability in administrer/produits.php in PEEL, possibly 3.x and previous versions, allows remote authenticated administrators to upload and execute arbitrary PHP files via a modified content type in an ajout action, as demonstrated by (1) image/gif and (2) application/pdf.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
peel peel 2.6 |
||
peel peel 2.7 |
||
peel peel 1.0b |