Unrestricted File Upload Vulnerability in demo site #387

Closed
HatBoy opened this issue Jul 9, 2019 · 1 comment

HatBoy commented Jul 9, 2019

Hi, I would like to report an unrestricted file upload vulnerability in the demo site.

Description:
Unrestricted File Upload Vulnerability in the demo site's image widget.

Steps To Reproduce:

  1. First, in the page builder, create an image widget and edit it.
  2. Then upload a file; you can upload any file you want.
  3. Find the URL of your uploaded file.
  4. Open the URL and you can see the page execute.

author by jin.dong@dbappsecurity.com.cn

@gavinwahl
Member

Thank you, this has been fixed.
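
A server-side check that would refuse the upload in step 2 of the report, as an added example that is not part of the original issue and is not the project's own fix. The function names, the allowlist and the sample inputs are assumptions constructed for illustration.

```python
import os
import secrets

# Hypothetical allowlist for an image widget: extension -> accepted leading
# magic bytes. Anything not listed here is refused.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


class UploadRejected(ValueError):
    """Raised when an upload fails the image allowlist."""


def safe_image_name(client_name: str, content: bytes) -> str:
    """Validate an upload and return a server-chosen storage name."""
    # Keep only the last path component of the client-supplied name.
    base = os.path.basename(client_name.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        raise UploadRejected(f"extension {ext!r} not allowed")
    # The content must start with a signature that matches the extension.
    if not content.startswith(ALLOWED[ext]):
        raise UploadRejected("content does not match extension")
    # Discard the client's name entirely: a random name plus the validated
    # extension removes inner extensions and path components.
    return secrets.token_hex(16) + ext


def is_accepted(client_name: str, content: bytes) -> bool:
    """Return True if the upload passes, False if it is rejected."""
    try:
        safe_image_name(client_name, content)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    # Constructed sample uploads, not taken from the report.
    samples = [("photo.PNG", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8),
               ("page.html", b"<html><body>hi</body></html>"),
               ("page.png", b"<html><body>hi</body></html>")]
    for name, data in samples:
        print(name, "accepted" if is_accepted(name, data) else "rejected")
```

Matching magic bytes does not make a file harmless, so uploads should still be stored where the server will not execute them and served with a fixed image Content-Type.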
