CVE-2018-16388
Published
CVSS v3
N/A
CVSS v2
6.5
MEDIUM
Affected
1
PROJECT
Description
e107_web/js/plupload/upload.php in e107 2.1.8 allows remote attackers to execute arbitrary PHP code by uploading a .php filename with the image/jpeg content type.
e107 Bootstrap CMS (Content Management System) v2 with PHP, MySQL, HTML5, jQuery and Twitter Bootstrap. Issue Discussion Room: https://gitter.im/e107inc/e107
GitHub