Security issue: Remote code execution via user picture upload #1223
Labels
Web Security
White Hat Reports, Cross Site SQL Injection, etc
Comments
This bypasses the mime type right?

Yes, the mime type is set by the 'content type' specified by the user. The code comments seem to indicate that an extension check is performed too, but that clearly isn't the case.

I have coded that module, seems like I have missed some check

Definitely, missed the extension check

Good job @C-Sto

Great @C-Sto, @naveen17797 you've got this
The Issue
Arbitrary file upload vulnerability allowing any user who can set profile pictures to be able to execute code on the hosting system.
In lh-ehr, an attacker must be authenticated, and have sufficient privileges to upload a user profile picture (either for a user, or a patient) to perform this attack. It appears any valid user can perform this.
Issue location
Occurs at
lh-ehr/interface/patient_file/summary/demographics.php
Line 1735 in 5b5f427
POC:
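The following is an added example, not the reporter's proof of concept and not lh-ehr code: a server-side check of the kind the comments describe as missing, which ignores the client-supplied content type, allow-lists the extension, and derives the MIME type from the file's bytes. The function name `safe_picture_name`, the `ALLOWED_IMAGES` list and the sample inputs are assumptions made for illustration; the PHP fileinfo extension is assumed to be enabled.

```php
<?php
// Assumed allow-list: extension => MIME type the content must sniff as.
const ALLOWED_IMAGES = [
    'gif'  => 'image/gif',
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
];

// $clientName is $_FILES[...]['name'], $tmpPath is $_FILES[...]['tmp_name'].
// $_FILES[...]['type'] is never consulted: it is the Content-Type the client sent.
// Returns a server-generated file name, or throws if the upload is not acceptable.
function safe_picture_name(string $clientName, string $tmpPath): string
{
    // 1. Extension check against the allow-list.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_IMAGES)) {
        throw new RuntimeException("extension not allowed: '$ext'");
    }
    // 2. MIME type derived on the server from the file's bytes.
    $sniffed = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($sniffed !== ALLOWED_IMAGES[$ext]) {
        throw new RuntimeException("content is $sniffed, expected " . ALLOWED_IMAGES[$ext]);
    }
    // 3. The client's file name is never reused on disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs (not taken from the issue).
$gif = "GIF89a\x01\x00\x01\x00\x00\x00\x00;";
$samples = [
    ['avatar.gif', $gif],
    ['avatar.php', $gif],            // image bytes, script extension
    ['avatar.gif', "not an image"],  // image extension, other content
];
foreach ($samples as [$name, $bytes]) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    try {
        $stored = safe_picture_name($name, $tmp);
        echo "$name: accepted, stored as $stored\n";
    } catch (RuntimeException $e) {
        echo "$name: rejected (" . $e->getMessage() . ")\n";
    } finally {
        unlink($tmp);
    }
}
```

In a real upload handler the temporary file would also be confirmed with `is_uploaded_file()` and stored with `move_uploaded_file()` in a directory the web server does not execute scripts from.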