← Back to CVE List

CVE-2021-33199

Published: 2021-08-12T21:15Z
Last Modified: 2024-11-21T06:08Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
In Expression Engine before 6.0.3, addonIcon in Addons/file/mod.file.php relies on the untrusted input value of input->get('file') instead of the fixed file names of icon.png and icon.svg. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt