Unrestricted file upload vulnerability in Uber Uploader 4.2 allows remote attackers to upload and execute arbitrary PHP scripts by naming them with a .phtml extension, which bypasses the .php extension check but is still executable on some server configurations.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Uber_uploader | Uber_uploader | 4.2 (including) | 4.2 (including) |