Security Advisory

CVE-2017-11715

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2017-07-28 05:00:00

Last updated 2024-08-05 18:19:38

Assigner mitre

State PUBLISHED

Description

job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/safe.php and job/cv.php.

← Browse all CVEs View on cve.org ↗