ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.
Name | Vendor | Start Version | End Version |
---|---|---|---|
E107 | E107 | 0.545 | 0.545 |
E107 | E107 | 0.554 | 0.554 |
E107 | E107 | 0.555_beta | 0.555_beta |
E107 | E107 | 0.603 | 0.603 |
E107 | E107 | 0.610 | 0.610 |
E107 | E107 | 0.611 | 0.611 |
E107 | E107 | 0.612 | 0.612 |
E107 | E107 | 0.613 | 0.613 |
E107 | E107 | 0.614 | 0.614 |
E107 | E107 | 0.615 | 0.615 |
E107 | E107 | 0.615a | 0.615a |
E107 | E107 | 0.616 | 0.616 |