CVE: CVE-2018-3814
Published: 2018-01-01T20:29Z
Vendor: craftcms
Products: craft_cms
Versions: 2.6.3000,
Description Language: en
Description: Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the “Assets->Upload files” screen and then the “Replace it” option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension.