The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers to execute arbitrary code by uploading a PHP file without a MIME image type, then directly accessing the uploaded file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tutorials | Mytutorials | 2.0 (including) | 2.0 (including) |