Arbitrary File Execution via Media Rename in GeniXCMS
CVE-2017-5520 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions.
Learn more about our Cms Pen Testing.