PT-2018-13109 · Elefant · Elefant Cms

Published 2018-08-21 · Updated 2022-05-14 · CVE-2018-15601

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Elefant CMS version 2.0.3

Description

The issue arises from the apps/filemanager/handlers/upload/drop.php file in Elefant CMS, where a urldecode step is performed too late in the protection mechanism against uploading executable files. This could potentially allow malicious files to be uploaded.

Recommendations

For Elefant CMS version 2.0.3, consider disabling the drop.php handler in the file manager until a patch is available to address the issue with the urldecode step timing. Restrict access to the file upload functionality to minimize the risk of exploitation.
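
The ordering problem named in the description, shown as an added PHP illustration: this is not Elefant CMS code and is not taken from drop.php, and the function names, extension lists and sample file names are constructed assumptions. It contrasts a check that runs before urldecode with one that decodes first and then validates the name that will actually be stored.

```php
<?php
// Added illustration, not Elefant CMS code. Function names, the blocklist,
// the allowlist and the sample file names are all constructed assumptions.

const BLOCKED = ['php', 'phtml', 'phar'];          // assumed blocklist
const ALLOWED = ['jpg', 'png', 'gif', 'pdf'];      // assumed allowlist

// Flawed ordering: the extension check sees the raw name and the decode
// runs afterwards, so the stored name is not the name that was checked.
function check_then_decode(string $raw): ?string
{
    $ext = strtolower(pathinfo($raw, PATHINFO_EXTENSION));
    if (in_array($ext, BLOCKED, true)) {
        return null;                               // rejected
    }
    return urldecode($raw);                        // decoded too late
}

// Corrected ordering: decode until stable, then validate the exact
// string that will be written to disk, against an allowlist.
function decode_then_check(string $raw): ?string
{
    $name = $raw;
    for ($i = 0; $i < 5 && ($next = urldecode($name)) !== $name; $i++) {
        $name = $next;
    }
    if (urldecode($name) !== $name) {
        return null;                               // still encoded: reject
    }
    // One base name, one extension, no path separators or control bytes.
    if (preg_match('/^[A-Za-z0-9_-]+\.([A-Za-z0-9]+)$/D', $name, $m) !== 1) {
        return null;
    }
    return in_array(strtolower($m[1]), ALLOWED, true) ? $name : null;
}

// Constructed sample names: a plain image, a plainly blocked script,
// and a name whose dot is percent-encoded.
foreach (['photo.png', 'notes.php', 'notes%2Ephp'] as $raw) {
    printf("%-12s check_then_decode=%s decode_then_check=%s\n",
        $raw,
        var_export(check_then_decode($raw), true),
        var_export(decode_then_check($raw), true));
}
```

The same rule holds for any canonicalization step in an upload path: validation has to run on the value that is finally used, not on an earlier representation of it.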

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2018-15601
GHSA-PCF7-5974-VJH4

Affected Products

Elefant Cms