The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before 0.9.3-3 allows remote attackers to upload and execute arbitrary code via dangerous file extensions that are not all lowercase, which bypasses a cleansing operation.
Max CVSS
7.5
EPSS Score
10.94%
Published
2006-12-14
Updated
2017-07-29
1 vulnerabilities found