This is a basic writeup describing a file upload vulnerability in kcfinder 2.x, allowing an attacker to bypass file extension checks by uploading a malicious PHP file with a .jpg extension. No actual exploit code is provided.
Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target:kcfinder 2.x
No auth needed
Prerequisites:access to the KCFinder upload interface