CVE-2019-7216
FileChucker 4.99e-free-e02 contains a filter bypass in filechucker.cgi that lets an attacker upload arbitrary file types by manipulating the extension with % characters (example: file.%ph%p becomes file.php). This enables potentially dangerous uploads (e.g., scripts) depending on server configura...