Because of this vulnerability in uploadify/scripts/uploadify.php, the attackers can execute arbitrary code by uploading a file with a double extension. After that they access it via a direct request to the file in the directory specified by the “folder” parameter.
Update the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
kish guest posting | le | 1.2 |