CVE-2017-11715

Name of the Vulnerable Software and Affected Versions MetInfo versions prior to 5.3.18

Description The issue allows remote authenticated admins to potentially execute arbitrary PHP code by uploading a file with a specific extension. This is possible because the software blocks the .php extension but not related extensions, such as .phtml. The exploitation involves certain actions with specific files, including admin/system/safe.php and job/cv.php.

Recommendations For MetInfo versions prior to 5.3.18, update to version 5.3.18 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to only necessary extensions and limiting access to the upload functionality to minimize the risk of exploitation.