simogeo Filemanager < 2.5.0 - Arbitrary File Upload and Remote Code Execution via SVG File
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file.