CWE-434

Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.

elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php.

In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of “photos_edit.php” file.

In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of “users_edit.php” file.

In Wedding Management System v1.0, the editing function of the “Services” module in the background management system has an arbitrary file upload vulnerability in the picture upload point of “package_edit.php” file.

In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of “users_profile.php” file.