There is an arbitrary file upload vulnerability #20

Closed
Bla1n opened this issue Jul 14, 2019 · 2 comments
Comments

@Bla1n

Bla1n commented Jul 14, 2019

Any file can be uploaded in the background of your website. You can upload PHP files, so if the administrator password is leaked, a file uploaded through here can directly get a shell and take over the web.
Example:
[image]
[image]
I think you should limit the type of file you upload
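
One way to apply the type restriction suggested in the report above, as an added example that is not part of the issue thread or the project's code. The function name `store_upload`, the allowlist contents and the upload directory are assumptions.

```php
<?php
// Added example: hypothetical upload handler, not the project's own code.

// extension => expected MIME type (assumed policy; adjust to the site's needs)
const ALLOWED_TYPES = [
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
    'pdf' => 'application/pdf',
];

function store_upload(array $file, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }

    // Look only at the final extension, lower-cased, and reject anything unlisted
    // (this is what keeps .php, .phtml, .phar and similar out).
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException('File type not allowed');
    }

    // Inspect the content itself; the client-supplied Content-Type is not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException('Content does not match extension');
    }

    // Server-generated name: no client-controlled path or double extension.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0640); // never executable
    return $name;
}

// Usage inside a POST handler; the directory is an assumed path outside the web root.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['file'])) {
    try {
        echo 'Stored as ', store_upload($_FILES['file'], '/var/app-data/uploads');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo $e->getMessage();
    }
}
```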

@cskaza
Owner

cskaza commented Jul 19, 2019

If the administrator password is leaked, it's user error.

And in this section, I want to use it like a file manager.
I can edit/upload and replace the PHP file without FTP.

If you have another idea for doing this, please let me know.

@cskaza
Owner

cskaza commented Sep 15, 2019

Fixed already on 1.2.4
Thanks.

@cskaza cskaza closed this as completed Sep 15, 2019