Critical severity9.8NVD Advisory· Published Apr 3, 2017· Updated Jun 17, 2026
CVE-2017-7402
CVE-2017-7402
Description
Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
2- rungga.blogspot.co.id/2017/04/remote-file-upload-vulnerability-in.htmlnvdExploitTechnical DescriptionThird Party Advisory
- www.exploit-db.com/exploits/41784/nvd
News mentions
0No linked articles in our index yet.