CVE-2017-7402
Pixie 1.0.4 suffers remote authenticated arbitrary PHP code execution by uploading a double‑extension file (for example, image.jpg.php) via admin/index.php?s=publish&x=filemanager. This bypasses extension checks when Content-Type is image/jpeg. Impact: high/severe (CVSSv3 up to 9.8). Exploit pres...