The SP Project & Document Manager WordPress plugin prior to 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server from being uploaded by checking the file extension. It exists that php files could still be uploaded by changing the file extension's case, for example, from "php" to "pHP".
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
smartypantsplugins sp project \\& document manager |