K271266

**Name of the Vulnerable Software and Affected Versions** BiggiDroid Simple PHP CMS version 1.0 **Description** A flaw exists in BiggiDroid Simple PHP CMS that allows for unrestricted file uploads. This issue affects an unknown function within the `/admin/editsite.php` file. The manipulation of the `image` argument enables attackers to upload files remotely. The exploit for this issue has been publicly released. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.