3 matches found
CVE-2018-15601
apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism...
CVE-2018-15601
apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism...
CVE-2018-15601
Elefant CMS 2.0.3 contains a bypass in apps/filemanager/handlers/upload/drop.php where URL decoding occurs after the restricted-extension check. This allows an attacker to upload files with any extension by URL-encoding the extension, bypassing the protection that should block executable files. T...