CVE-2020-36485
Portable Ltd Playable v9.18 contains an arbitrary file upload vulnerability in the filename parameter of the upload module, allowing arbitrary code execution via a crafted JPEG file. Root cause noted as insufficient validation in the upload filename handling; mitigation/remediation details are no...