CVE-2017-14346

Name of the Vulnerable Software and Affected Versions tianchoy/blog versions prior to 2017-09-12

Description The issue allows unrestricted file upload and PHP code execution. This can be achieved by using specific content types such as image/jpeg, image/pjpeg, image/png, or image/gif for a .php file.

Recommendations For versions prior to 2017-09-12, restrict file uploads to only necessary file types and validate the uploaded files to prevent PHP code execution. As a temporary workaround, consider disabling the file upload functionality in upload.php until a proper fix is applied.