Lucidcrew - Pixie CVE

Filtered by vendor Lucidcrew Subscribe

Filtered by product Pixie

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2017-7402	1 Lucidcrew	1 Pixie	2021-03-29	7.5 HIGH	9.8 CRITICAL
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg.

Vulnerabilities (CVE)