CVE-2017-5520

Name of the Vulnerable Software and Affected Versions GeniXCMS versions 0.0.0 through 0.0.8

Description The issue concerns the media rename feature, which fails to account for alternative PHP file extensions when checking uploaded files for PHP content. This allows users to rename and execute files with the .php6, .php7, and .phtml extensions.

Recommendations For GeniXCMS versions 0.0.0 through 0.0.8, consider restricting the upload and execution of files with alternative PHP extensions, such as .php6, .php7, and .phtml, until a proper fix is implemented. As a temporary workaround, disabling the media rename feature can help minimize the risk of exploitation.