Vulnerabilities > Earcms > EAR Music > 4.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-30 | CVE-2017-11756 | Unrestricted Upload of File with Dangerous Type vulnerability in Earcms EAR Music 4.1 In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code. | 7.0 |