9.8 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
73.9%
nc-cms through 2017-03-10 allows remote attackers to execute arbitrary PHP code via the โUpload File or Imageโ feature, with a .php filename and โContent-Type: application/octet-streamโ to the index.php?action=file_manager_upload URI.
github.com/gnat/nc-cms/issues/11