Security Advisory

CVE-2014-2223

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-09-11 14:00:00

Last updated 2024-08-06 10:06:00

Assigner mitre

State PUBLISHED

Description

Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in plog-content/uploads/archive/.

← Browse all CVEs View on cve.org ↗