This vulnerability is in admin/scripts/FileUploader/php.php. It allows an attacker to execute arbitrary PHP code by uploading a file with a PHP extension and then accessing it via a direct request to the file in the uploads/ directory.
Update the plugin.
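
A log check that fits this advisory, as an added example (not part of the original advisory or the plugin's code): it flags POSTs to the uploader script and any request for a PHP-handled file under an uploads/ directory. The combined log format, the extension list, and the sample paths and addresses are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Common/combined log format: ip - - [time] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# Uploader endpoint named in the advisory (compared case-insensitively).
UPLOADER = "admin/scripts/fileuploader/php.php"
# Extensions often mapped to the PHP handler (assumption; match your server
# config). "(/|$)" also catches PATH_INFO-style requests such as x.php/extra.
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)(/|$)")

def scan(lines):
    """Return (kind, ip, method, path, status) for each suspicious request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, _when, method, target, status = m.groups()
        # Drop the query string, then percent-decode so "ph%70" reads as "php".
        path = unquote(urlsplit(target).path).lower()
        if path.endswith(UPLOADER):
            if method == "POST":
                findings.append(("uploader_post", ip, method, path, int(status)))
        elif "/uploads/" in path and PHP_EXT.search(path):
            findings.append(("php_in_uploads", ip, method, path, int(status)))
    return findings

# Constructed sample lines (not real traffic); directory layout is assumed.
T = "[01/Jan/2024:10:00:00 +0000]"
SAMPLE = [
    f'192.0.2.10 - - {T} "POST /plugins/reflex-gallery/admin/scripts/FileUploader/php.php HTTP/1.1" 200 52',
    f'192.0.2.10 - - {T} "GET /uploads/2024/01/img.PHP HTTP/1.1" 200 12',
    f'198.51.100.7 - - {T} "GET /uploads/2024/01/photo.jpg HTTP/1.1" 200 48211',
    f'198.51.100.7 - - {T} "GET /uploads/2024/01/a.ph%70?x=1 HTTP/1.1" 404 0',
    f'198.51.100.7 - - {T} "GET /plugins/reflex-gallery/admin/scripts/FileUploader/php.php HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A `php_in_uploads` hit with status 200 means the server actually served a PHP-handled file from the uploads directory and is the case to investigate first.
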
CPE

Name | Operator | Version |
---|---|---|
reflex gallery | le | 3.1.3 |