Security Advisory

CVE-2018-3814

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2018-01-01 20:00:00

Last updated 2024-08-05 04:57:22

Assigner mitre

State PUBLISHED

Description

Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets->Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension.

← Browse all CVEs View on cve.org ↗