JAKCMS PRO <= 2.2.5 Unrestricted File Upload Vulnerability

Description:

JAKCMS contains a flaw related to the js/editor/plugins/jakadminexplorer/php/action.php script which does not properly verify or sanitize user-uploaded files. This allows a remote attacker to upload and execute arbitrary PHP code.

References:

• BID-49737
• EDB-17882

Disclosure Date:

September 22, 2011