Free Host Shop Website Generator 3.3 allows remote authenticated users with administrative privileges to upload and execute arbitrary files via a formname parameter with a filename containing a dangerous file extension and a trailing %00.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| free_host_shop | website_generator | 3.3 |