Jra89

**Name of the Vulnerable Software and Affected Versions** class.upload.php versions prior to 1.0.3 class.upload.php versions 2.x prior to 2.0.4 **Description** The issue is related to the omission of .phar from the set of dangerous file extensions in class.upload.php, which can be exploited for remote code execution. **Recommendations** For versions prior to 1.0.3, update to version 1.0.3 or later. For versions 2.x prior to 2.0.4, update to version 2.0.4 or later.