Vulnerabilities > Jigowatt > PHP Login User Management

DATE CVE VULNERABILITY TITLE RISK
2018-05-29 CVE-2018-11392 Unrestricted Upload of File with Dangerous Type vulnerability in Jigowatt PHP Login & User Management
An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user to upload .php files to the web server via a profile avatar field.
network
low complexity
jigowatt CWE-434
6.5