Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-04-03T17:00:00
Updated: 2024-08-05T16:04:10.598Z
Reserved: 2017-04-03T00:00:00
Link: CVE-2017-7402
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-04-03T17:59:00.153
Modified: 2021-03-29T12:16:38.423
Link: CVE-2017-7402
Redhat
No data.