|Date: (C)2018-01-02 (M)2018-01-10|| |
Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets->Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension.
|CVSS Score: ||Access Vector: |
|Exploit Score: ||Access Complexity: |
|Impact Score: ||Authentication: |
| ||Confidentiality: |
| ||Integrity: |
| ||Availability: |