Skip to content

Arbitrary File Upload - Security #812

Closed
@bousalman

Description

@bousalman

Hi There,

I was trying the application for a while and noticed that a regular user ( Editor role ) can upload arbitrary file, in this case a PHP file. By then he can run remote PHP command on server context.

Is it OK to describe the vulnerability here ? or you prefer to send it in private ?

Thanks.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions