Re: Remote file upload vulnerability in videowhisper-video-conference-integration wordpress plugin v4.91.8

Posted by Larry W. Cashdollar on Apr 05

Hello Folks,

You can get php execution by using the file extension .phtml for both of these advisories. I’m currently updating the
advisories and the vendor.

Try using an uncommon extension not defined in /etc/mime.types.

$ grep "#app" /etc/mime.types
#application/vnd.ms-pki.stl stl
#application/x-httpd-eruby rhtml
#application/x-httpd-php…
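
An added example, not part of the original post or the plugin's code: because an uncommon extension such as .phtml got past the upload check, this sketch validates upload names against an allowlist of expected extensions. The function name, the constant and the extension list are assumptions.

```php
<?php
// Added example: allowlist check for uploaded file names.
// ALLOWED_EXTENSIONS and is_upload_name_allowed() are hypothetical names;
// the extension list is an assumption, adjust it to what the site accepts.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'flv', 'mp4'];

function is_upload_name_allowed(string $name): bool
{
    // Drop any client-supplied directory part.
    $base = basename(str_replace('\\', '/', $name));

    // Reject empty names and control characters (including NUL).
    if ($base === '' || preg_match('/[\x00-\x1f]/', $base)) {
        return false;
    }

    $parts = explode('.', strtolower($base));
    if (count($parts) < 2 || $parts[0] === '') {
        return false; // no extension, or a dotfile such as .htaccess
    }
    array_shift($parts); // discard the stem

    // Require every dot-separated component after the stem to be
    // allowlisted, since the web server, not this code, decides which
    // part of a name selects a handler.
    foreach ($parts as $ext) {
        if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample names.
$samples = ['clip.flv', 'photo.JPG', 'clip.phtml', 'clip.phtml.jpg', '.htaccess', 'notes'];
foreach ($samples as $n) {
    printf("%-16s %s\n", $n, is_upload_name_allowed($n) ? 'accept' : 'reject');
}
```

Names with extra dots, such as my.video.mp4, are rejected too; generating the stored file name on the server avoids that restriction.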
