The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute arbitrary code without logging in.Referenceshttps://www.twcert.org.tw/tw/cp-132-5170-83472-1.html
