Arbitrary Code Execution via ImageManager in e107

Arbitrary Code Execution via ImageManager in e107

CVE-2004-2262 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.

Learn more about our Web Application Penetration Testing UK.