WalRack 1.x prior to 1.1.9 and 2.x prior to 2.0.7 does not properly restrict file uploads, which allows remote malicious users to execute arbitrary PHP code via vectors involving a double extension, as demonstrated by a .php.zzz file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
walrus digit walrack 1.1.7 |
||
walrus digit walrack 1.1.8 |
||
walrus digit walrack 1.1.5 |
||
walrus digit walrack 1.1.6 |
||
walrus digit walrack 2.0.5 |
||
walrus digit walrack 2.0.6 |
||
walrus digit walrack 1.0.1 |
||
walrus digit walrack 1.1.1 |
||
walrus digit walrack 1.1.2 |
||
walrus digit walrack 2.0.1 |
||
walrus digit walrack 2.0.2 |
||
walrus digit walrack 1.1.3 |
||
walrus digit walrack 1.1.4 |
||
walrus digit walrack 2.0.3 |
||
walrus digit walrack 2.0.4 |