CVE-2019-12548
Bludit before 3.9.0 is vulnerable to remote code execution by an authenticated user who uploads a PHP file while changing the site logo via /admin/ajax/upload-logo. Root cause: an upload path/permission issue allows execution of injected PHP. A fix is available in Bludit 3.9.0 (as referenced by r...