An issue was discovered in AContent through 1.4. It allows the user to run commands on the server with a low-privileged account. The upload section in the file manager page contains an arbitrary file upload vulnerability via upload.php. The extension .php7 bypasses file upload restrictions.
CPE | Name | Operator | Version |
---|---|---|---|
acontent | eq | acontent_1_3 | |
acontent | eq | acontent_1_4 |