CVE-2018-25335

Name of the Vulnerable Software and Affected Versions Peugeot Music version 1.0

Description An arbitrary file upload flaw allows unauthenticated attackers to upload malicious files by sending POST requests to the 'upload.php' endpoint. By manipulating the name parameter, attackers can upload files with arbitrary extensions to execute code from the uploads directory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.