Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .php# extension, and then accessing it via unspecified vectors.
"CWE-434: Unrestricted Upload of File with Dangerous Type"
CVSS 3.x Severity and Metrics:
NVD score not yet provided.
CVSS 2.0 Severity and Metrics: