This is a detailed advisory describing multiple file upload vulnerabilities in MKPortal <= 1.2.1, including insecure file extension validation and case-sensitive bypasses leading to remote code execution.
Classification
Writeup 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target:MKPortal <= 1.2.1
Auth required
Prerequisites:registered user · blog editing privileges or file upload permissions