Recently, our team found an arbitrary file upload vulnerability. The vulnerability logic is present in the file:
https://github.com/getk2/k2/blob/master/media/k2/assets/vendors/verot/class.upload.php/src/class.upload.php#L3104

The suffix blacklist detection utilizes a regular expression with $/i. Attackers can bypass this blacklist detection by using 1.php[space], 1.php. or Windows-specific characters like 1.php::$DATA. We have submitted the issue to the component developer: verot/class.upload.php#187
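
The following is an added example, not part of the original report and not code from class.upload.php. It contrasts an end-anchored extension blacklist of the kind described above with a check that normalizes the name the way Windows would before applying an allowlist; the regular expression, the extension lists and all function names are assumptions made for illustration.

```php
<?php
// Assumed blacklist in the style the report describes (anchored with $/i).
// The extension list is illustrative, not copied from class.upload.php.
const BLACKLIST_RE = '/\.(php|php[3-7]|phtml|phar|pl|py|cgi|asp)$/i';

// Hypothetical allowlist of the extensions the application actually needs.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

// The weak check: true only when the raw name ends in a listed extension.
function blacklist_rejects(string $name): bool
{
    return preg_match(BLACKLIST_RE, $name) === 1;
}

// Reduce a client-supplied name to what Windows would create on disk:
// drop any NTFS stream suffix (":..."), then trailing dots and whitespace.
function normalize_upload_name(string $name): string
{
    $name = basename(str_replace('\\', '/', $name));
    $colon = strpos($name, ':');
    if ($colon !== false) {
        $name = substr($name, 0, $colon);
    }
    return rtrim($name, ". \t\r\n\0");
}

// The hardened check: normalize first, then allow only known-good extensions.
function hardened_accepts(string $name): bool
{
    $clean = normalize_upload_name($name);
    if ($clean === '' || preg_match('/[\x00-\x1f]/', $clean) === 1) {
        return false; // empty after normalization, or embedded control bytes
    }
    $ext = strtolower(pathinfo($clean, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true);
}

// Constructed sample names, using the patterns named in the report.
$samples = ['1.php', '1.php ', '1.php.', '1.php::$DATA', 'photo.JPG', 'photo.jpg.'];
foreach ($samples as $s) {
    printf("%-16s blacklist_rejects=%-5s hardened_accepts=%s\n",
        var_export($s, true),
        var_export(blacklist_rejects($s), true),
        var_export(hardened_accepts($s), true));
}
```

When a name is accepted, the file should be stored under the normalized name or a server-generated one, never under the raw client-supplied string.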