Arbitrary File Execution via Media Rename in GeniXCMS

CVE-2017-5520 · MEDIUM Severity

AV:N/AC:L/Au:S/C:P/I:P/A:P

The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions.
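
The PHP sketch below is an added example, not GeniXCMS code. It contrasts a denylist extension check of the kind the description implies with an allowlist applied to the rename target. The function names, the allowed-extension list and the sample file names are assumptions made for illustration.

```php
<?php
// Added example with hypothetical helper names; not taken from GeniXCMS.

// Extensions the media library is willing to store (assumed policy).
const ALLOWED_MEDIA_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

// Weak pattern: a denylist that only knows about ".php".
function is_rename_allowed_denylist(string $newName): bool
{
    $ext = strtolower(pathinfo($newName, PATHINFO_EXTENSION));
    return $ext !== 'php';   // .php6, .php7 and .phtml all pass this check
}

// Hardened pattern: allowlist applied to the name the file will end up with.
function is_rename_allowed_allowlist(string $newName): bool
{
    // Refuse control characters (including NUL) and path separators.
    if (preg_match('/[\x00-\x1f\/\\\\]/', $newName) || $newName !== basename($newName)) {
        return false;
    }
    // Some filesystems strip trailing dots and spaces; refuse them outright.
    if ($newName !== rtrim($newName, ". ")) {
        return false;
    }
    $parts = explode('.', strtolower($newName));   // case-insensitive compare
    if (count($parts) < 2 || $parts[0] === '') {
        return false;        // no extension at all, or a dotfile
    }
    array_shift($parts);     // drop the base name, keep the extension segments
    // Every dot-separated segment must be on the allowlist, so a name such as
    // "upload.phtml.jpg" is refused as well as "upload.phtml".
    foreach ($parts as $segment) {
        if (!in_array($segment, ALLOWED_MEDIA_EXT, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample rename targets.
$samples = ['photo.jpg', 'upload.php', 'upload.php6', 'upload.php7',
            'upload.phtml', 'upload.PHTML', 'upload.phtml.jpg', 'report.pdf.'];
foreach ($samples as $name) {
    printf("%-18s denylist=%-5s allowlist=%s\n", $name,
        var_export(is_rename_allowed_denylist($name), true),
        var_export(is_rename_allowed_allowlist($name), true));
}
```

The same allowlist check belongs on both the upload path and the rename path, since a rename changes the extension after any upload-time check has already run.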