logo
DATABASE RESOURCES PRICING ABOUT US

Business Directory Plugin < 5.11.1 - Authenticated PHP4 Upload to RCE

Description

The plugin did not properly check for imported files, forbidding certain extension via a blacklist approach, allowing administrator to import an archive with a .php4 inside for example, leading to RCE


Related