CVE-2018-17836
JTBC(PHP) 3.0.1.6 is affected by CVE-2018-17836. A remote attacker can execute arbitrary PHP code by exploiting a file upload via /console/file/manage.php?type=action&action=addfile&path=..%2F in combination with a multipart/form-data PHP payload. The vulnerability stems from a path-traversal/uns...