-Authenticated Local File Inclusion. Need admin or upload permissions.
Someone with upload permissions can use the move to db ability to "get" local files and move to the Documents & Folders view. The mitigation to block "/" from file names works, but if you double encode it, it bypasses the check...
The text was updated successfully, but these errors were encountered:
-Authenticated Local File Inclusion. Need admin or upload permissions.
Someone with upload permissions can use the move to db ability to "get" local files and move to the Documents & Folders view. The mitigation to block "/" from file names works, but if you double encode it, it bypasses the check...
The text was updated successfully, but these errors were encountered: