Unrestricted file upload vulnerability in F3Site 2.1 and earlier allows remote authenticated administrators to upload and execute arbitrary PHP scripts via GIF86 header in a file in the uplf parameter, which can be later accessed via a relative pathname in the dir parameter in adm.php.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation6 reference(s) from NVD