Low privileges (auth) Remote Command Execution - PHP file upload bypass.
High
E
ExpressionEngine
Submitted None
Team Summary
Official summary from ExpressionEngine
ExpressionEngine was vulnerable to unrestricted file upload via a low-privileged user due to a bypass extension check that led to remote command execution.
Actions:
Reported by
mariuszpoplawski
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Code Injection