In PESCMS Team 2.2.1, attackers may upload and execute arbitrary PHP code through /Public/?g=Team&m=Setting&a=upgrade by placing a .php file in a ZIP archive.
CPE | Name | Operator | Version |
---|---|---|---|
pescms-team | eq | 2.1.1 | |
pescms-team | eq | 2.1.0 | |
pescms-team | eq | 2.0.2 | |
pescms-team | eq | 2.2.1 | |
pescms-team | eq | 1.0.3 | |
pescms-team | eq | 2.2.0 | |
pescms-team | eq | 2.0.1 | |
pescms-team | eq | 2.0.0 |