CVE-2013-1668

The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.

Date published : 2014-05-23

http://www.securityfocus.com/bid/58332

http://archives.neohapsis.com/archives/bugtraq/2013-03/0033.html