High severity7.0NVD Advisory· Published Jul 30, 2017· Updated May 13, 2026

CVE-2017-11756

Description

In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code.

Affected products

Earcms/Ear Music
cpe:2.3:a:earcms:ear_music:*:*:*:*:*:*:*:*
Range: <=4.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lncken.cnnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000