In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://lncken.cn/?p=359 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-07-30T18:00:00
Updated: 2024-08-05T18:19:38.956Z
Reserved: 2017-07-30T00:00:00
Link: CVE-2017-11756
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2017-07-30T18:29:00.600
Modified: 2017-08-04T19:42:10.837
Link: CVE-2017-11756
Redhat
No data.