CVE-2019-16113

2019-09-08T21:15:00
ID CVE-2019-16113
Type cve
Reporter cve@mitre.org
Modified 2020-07-27T21:15:00

Description

Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.