The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the image validity check but executes any PHP code within the file.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation14 reference(s) from NVD