CVE-2018-14911
UKCMS ≤1.1.7 file upload flaw enables an attacker with admin access to bypass PHP upload restrictions by adding php,php to the upload_file_ext setting and uploading a malicious script via the admin.php/admin/configset/index/group/upload.html page. The root cause is inadequate filtering of the upl...