Pear Admin Think up to and including 2.1.2 has an arbitrary file upload vulnerability that allows malicious users to execute arbitrary code remotely. A .php file can be uploaded via admin.php/index/upload because app/common/service/UploadService.php mishandles fileExt.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pearadmin pearadmin think |