CVE-2016-11020
Published
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
1
PROJECT
Description
Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution.
Kunena Forum - Forum / Bulletin Board / Discussions component for Joomla - This is the 6.x/5.x main development branch. Please do not open issues regarding earlier versions of Kunena
GitHub