VULHUB ™

e107 is prone to a security vulnerability that will allow remote users to upload files with arbitrary file extensions to the computer hosting the software. This vulnerability could allow an attacker to upload a malicious PHP script to the server and cause it to be executed. Scripts in other languages could also be executed in this manner if the Web server has a script handler configured for the file extension. Successful exploitation will result in execution of arbitrary code in the context of the Web server. This issue exists in the Image Manager, and an attacker must have sufficient access to this feature to exploit the vulnerability.

e107 is prone to a security vulnerability that will allow remote users to upload files with arbitrary file extensions to the computer hosting the software. This vulnerability could allow an attacker to upload a malicious PHP script to the server and cause it to be executed. Scripts in other languages could also be executed in this manner if the Web server has a script handler configured for the file extension. Successful exploitation will result in execution of arbitrary code in the context of the Web server. This issue exists in the Image Manager, and an attacker must have sufficient access to this feature to exploit the vulnerability.