CVE-2017-9364

Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt