You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The administrator will use the beforSave function in the /common/models/AdminUser.php file to modify the avatar.
This function will call Util's handleModelSingleFileUpload function
We continue to use the handleModelSingleFileUpload function to find that the function directly calls the upload function without filtering the file name.
We followed up the saveAs function and found that the temporary file was directly moved to an undetected file name.
Vulnerability verification
The text was updated successfully, but these errors were encountered:
This function will call Util's handleModelSingleFileUpload function
The text was updated successfully, but these errors were encountered: