Unrestricted file upload vulnerability in update_profile.php in PHPmotion 2.0 and previous versions allows remote authenticated users to execute arbitrary code by uploading a .php file with a content type of (1) image/gif, (2) image/jpeg, or (3) image/pjpeg, then accessing it via a direct request to the file under pictures/.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpmotion phpmotion |
||
phpmotion phpmotion 1.0 |