ID:1555 - Exploit for Arbitrary file upload in Showtime2 - CVE-2019-9692

Link to public exploit:

Vulnerability description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to the "class.showtime2_image.php" file does not ensure that a watermark file has a standard image file extension (GIF, JPG, JPEG, or PNG). A remote authenticated attacker can upload and execute arbitrary file on the target system.

Remediation