3 matches found
CVE-2017-11760
uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area...
CVE-2017-11760
uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text area...
CVE-2017-11760
CVE-2017-11760 affects ProjeQtOr prior to 6.3.2. A remote authenticated user can upload a PHP file that combines image data with script data via uploadImage.php (described as an image in the description text area), allowing execution of arbitrary PHP code on the server. This is the underlying vul...