This vulnerability allows an attacker to execute arbitrary code by uploading a file with an executable extension. After that an attacker access it via a direct request to the file in *_uploadfolder/big/.
Update the plugin.
CPE | Name | Operator | Version |
---|---|---|---|
powerplay gallery | le | 3.3 |