High severity8.8NVD Advisory· Published May 16, 2018· Updated Jun 17, 2026
CVE-2018-10760
CVE-2018-10760
Description
Unrestricted file upload vulnerability in the Files plugin in ProjectPier 0.88 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the tmp directory under the document root.
Affected products
2<=0.88+ 1 more
- (no CPE)range: <=0.88
- (no CPE)range: <=0.88
Patches
Vulnerability mechanics
References
1- seclists.org/fulldisclosure/2018/May/30nvdMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.