This security bulletin contains one high-risk vulnerability.
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to insufficient validation of files during file upload. A remote attacker can upload a file containing PHP code but with a png image file extension, then send a second request to move (rename) the png file to a php file and execute an arbitrary file on the server.

Mitigation
Install updates from vendor's website.

Vulnerable software versions
Simple File List: 1.0.1 - 4.2.2

Fixed software versions
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
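
The upload-then-rename flaw described in this bulletin comes down to a rename path that does not repeat the checks an upload should enforce. The following is an added example, not code from Simple File List or its vendor: it shows a rename helper that re-applies an extension allowlist to the destination name and a content check to the source file. The function names, the allowlists and the sample files are assumptions constructed for illustration, and the PHP `fileinfo` extension is assumed to be enabled.

```php
<?php
// Added illustration with hypothetical helper names; not the plugin's code.
const ALLOWED_EXT  = ['png', 'jpg', 'jpeg', 'gif'];
const ALLOWED_MIME = ['image/png', 'image/jpeg', 'image/gif'];

// Allowlist check on the final extension of a file name.
function extension_allowed(string $name): bool {
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true);
}

// Content check: the sniffed MIME type must be an allowed image type and
// the bytes must not contain a PHP open tag (defence in depth only).
function content_is_image(string $path): bool {
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if (!in_array($mime, ALLOWED_MIME, true)) {
        return false;
    }
    $bytes = file_get_contents($path);
    return $bytes !== false
        && stripos($bytes, '<?php') === false
        && strpos($bytes, '<?=') === false;
}

// Rename that repeats the upload-time checks. basename() keeps both names
// inside $dir; the destination extension is validated, not just the source.
function safe_rename(string $dir, string $old, string $new): bool {
    $src = $dir . '/' . basename($old);
    $dst = $dir . '/' . basename($new);
    if (!is_file($src) || file_exists($dst)) {
        return false;
    }
    if (!extension_allowed($new) || !content_is_image($src)) {
        return false;
    }
    return rename($src, $dst);
}

// Constructed sample files in a throwaway directory.
$dir = sys_get_temp_dir() . '/rename_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents("$dir/note.png", "<?php echo 'constructed sample'; ?>");
file_put_contents("$dir/real.png",
    "\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR" . pack('NNC5', 1, 1, 8, 0, 0, 0, 0));

// Case 1: the bulletin's second request, png renamed to php.
var_dump(safe_rename($dir, 'note.png', 'note.php'));
// Case 2: image extension kept, but the content is PHP text.
var_dump(safe_rename($dir, 'note.png', 'note2.png'));
// Case 3: PNG header renamed to another image name.
var_dump(safe_rename($dir, 'real.png', 'renamed.png'));
```

The destination-extension check is what closes the rename path; the content check only narrows what can be stored under an image name, and the same two checks belong in the upload handler as well.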