3 matches found
CVE-2019-11377
wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fmgettextexts function...
CVE-2019-11377
wcms/wex/finder/action.php in WCMS v0.3.2 has a Arbitrary File Upload Vulnerability via developer/finder because .php is a valid extension according to the fmgettextexts function...
CVE-2019-11377
CVE-2019-11377 affects WCMS v0.3.2: wcms/wex/finder/action.php is vulnerable to Arbitrary File Upload via developer/finder because .php is allowed by fm_get_text_exts. Root cause: PHP extension allowed for uploads. Impact details are provided in the connected records, with CVSS2/3 metrics (6.5/8....