Harold Hallikainen

**Name of the Vulnerable Software and Affected Versions** PhpWiki version 1.3.11p1 **Description** The issue concerns an unrestricted file upload vulnerability in the UpLoad feature, specifically in the lib/plugin/UpLoad.php file. This allows remote attackers to upload arbitrary PHP files, potentially by using a double extension, which can be interpreted by Apache as a valid PHP file. **Recommendations** For PhpWiki version 1.3.11p1, consider restricting or disabling the UpLoad feature in lib/plugin/UpLoad.php until a proper fix is available to prevent the upload of arbitrary PHP files.