2 matches found
Remote Code Execution
php-heic-to-jpg is vulnerable to Remote Code Execution. The vulnerability is due to improper handling of HEIC image uploads, allowing an attacker to execute code on the remote server via the image file name...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the file name. An attacker who can upload heic images is able to execute code on the remote server. Remediation Upgrade maestroerror/php-heic-to-jpg to version 1.0.5 or higher. References - GitHub Commit -...