Back to search
CVE-2017-11756
Published: Jul 30, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://lncken.cn/?p=359
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now