This repository has been archived by the owner on Jan 5, 2023. It is now read-only.

There is an arbitrary file upload vulnerability #38

Closed
geeeez opened this issue Mar 29, 2019 · 2 comments


geeeez commented Mar 29, 2019

Arbitrary files can be uploaded in the background of your website. You can upload PHP files, so if the administrator password is leaked, a file uploaded through here can directly get a shell and take over the web.

Example: [two images]

I think you should limit the type of file you upload.

patkon (Member) commented Mar 29, 2019

I'll look for a solution.
But to install addons you have to be able to upload PHP files. That is a dilemma.

patkon (Member) commented Jun 10, 2020

Uploads (file types) are now limited by the config.php file.
0c445d0

@patkon patkon closed this as completed Jun 10, 2020
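
One way to enforce a config-driven file-type limit like the one the last comment describes, as an added example that is not the project's code or the referenced commit. The config key `allowed_upload_ext` and the function `safe_upload_name` are hypothetical, and the sample file names are constructed.

```php
<?php
// Added example, not the project's code. $config mimics an allowlist that
// might live in config.php; the key name 'allowed_upload_ext' is hypothetical.
$config = ['allowed_upload_ext' => ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt']];

/**
 * Return a safe storage name for an uploaded file, or null if it is rejected.
 * Every dot-separated segment after the base name must be allowlisted, so
 * "shell.php.jpg" and "shell.pHp" are rejected as well as "shell.php".
 * Deliberately strict: a harmless "report.v2.pdf" is rejected too.
 */
function safe_upload_name(string $clientName, array $allowed): ?string
{
    // Refuse control characters (including NUL) before any path handling.
    if (preg_match('/[\x00-\x1f]/', $clientName)) {
        return null;
    }
    // Drop any directory part the client sent, with either slash style.
    $name = basename(str_replace('\\', '/', $clientName));
    // Windows strips trailing dots and spaces, so "a.php." would become "a.php".
    $name = rtrim($name, '. ');
    $parts = explode('.', strtolower($name));
    if (count($parts) < 2 || $parts[0] === '') {
        return null; // no extension, or a dotfile such as ".htaccess"
    }
    array_shift($parts); // remaining segments are all treated as extensions
    foreach ($parts as $ext) {
        if (!in_array($ext, $allowed, true)) {
            return null;
        }
    }
    // Store under a random name; only the final, allowlisted extension is kept.
    return bin2hex(random_bytes(16)) . '.' . end($parts);
}

// Constructed sample names, not taken from the issue.
$samples = ['photo.JPG', 'shell.php', 'shell.php.jpg', 'shell.pHp', '.htaccess',
            'a.php.', '../../x.phtml', "evil.php\0.png", 'report.v2.pdf'];
foreach ($samples as $s) {
    $out = safe_upload_name($s, $config['allowed_upload_ext']);
    printf("%-18s %s\n", addcslashes($s, "\0"), $out ?? 'REJECTED');
}
```

Only `photo.JPG` is accepted here, and it is stored under a random name ending in `.jpg`. An extension allowlist works best alongside storing uploads in a location where the web server does not execute scripts.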