CVE-2020-19302
The CVE-2020-19302 issue affects vaeThink v1.0.1, where the avatar upload function accepts arbitrary file uploads. The root cause is that uploaded files can be misrepresented by changing the suffix to #".php"#, enabling an attacker to execute a webshell. Impact is high per the cited sources, with...