5 matches found
CVE-2017-11756
In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=configupload, and then using user.php/music/add/ to upload the code...
Code injection
In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=configupload, and then using user.php/music/add/ to upload the code...
CVE-2017-11756
CVE-2017-11756 affects Earcms Ear Music up to version 4.1 (build 20170710). The flaw allows remote authenticated users to execute arbitrary PHP code by altering the music-upload allowed extensions (adding .php alongside .mp3 and .m4a) via admin.php?iframe=config_upload, then uploading through use...
CVE-2017-11756
In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=configupload, and then using user.php/music/add/ to upload the code...
Ear Music (Ear Music) download.php has an arbitrary file download vulnerability
Ear Music Ear Music is an interface using Discuz background style and UCHome user center style combined with the core by the high-speed template engine and caching mechanism and other frameworks coexist PHP open source music system. Ear Music Ear Music download.php arbitrary file download...