FileUploadsFilter.php in X2Engine 4.1.7 and previous versions, when running on case-insensitive file systems, allows remote malicious users to bypass the upload blacklist and conduct unrestricted file upload attacks by uploading a file with an executable extension that contains uppercase letters, as demonstrated using a PHP program.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
x2engine x2engine |
Vulmon