Closed
Description
Hi there,
I was trying the application for a while and noticed that a regular user (Editor role) can upload an arbitrary file, in this case a PHP file. He can then run remote PHP commands in the server context.
Is it OK to describe the vulnerability here, or would you prefer that I send it in private?
Thanks.