nc-cms through 2017-03-10 allows remote malicious users to execute arbitrary PHP code via the "Upload File or Image" feature, with a .php filename and "Content-Type: application/octet-stream" to the index.php?action=file_manager_upload URI.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
nconsulting nc-cms |