Unrestricted file upload vulnerability in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allows remote authenticated users to upload and execute arbitrary PHP code via a file with an executable extension, which is then accessed by the (1) calendar or (2) file management module, or possibly unspecified other files.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phpprojekt | Phpprojekt | 5.2.0 (including) | 5.2.0 (including) |