Arbitrary file read & RCE vulnerability in "catchImage" 

## Description
There is no filtering when downloading external images, which can casue arbitrary file reading and remote code execution.

## Impact Version
lightcms latest version (v1.3.5)

## Steps to Reproduce 

### Arbitrary File Reading
![image](https://user-images.githubusercontent.com/35568193/107115905-c3954200-68aa-11eb-8731-145ab476dc01.png)
![image](https://user-images.githubusercontent.com/35568193/107115944-1111af00-68ab-11eb-9a0c-a5e8bfaa9803.png)

### Remote Code Execution
Place the php file which wants to be executed on your own server, and download it:
![image](https://user-images.githubusercontent.com/35568193/107115988-60f07600-68ab-11eb-9c83-2e130b486594.png)

![image](https://user-images.githubusercontent.com/35568193/107116021-985f2280-68ab-11eb-8b93-4f082207778a.png)




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Arbitrary file read & RCE vulnerability in "catchImage" #19

Description

Impact Version

Steps to Reproduce

Arbitrary File Reading

Remote Code Execution

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Arbitrary file read & RCE vulnerability in "catchImage" #19

Description

Description

Impact Version

Steps to Reproduce

Arbitrary File Reading

Remote Code Execution

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions