Affected version: <=1.2
Upload a compromised file with the suffix .php
Published successfully
Vulnerable code:
The reason for the vulnerability is that the file suffix is not filtered here
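One way to add the missing suffix filter, as an added example that is not part of the original issue or the project's code. It assumes a Java upload handler (the reply below mentions Tomcat) and an upload feature that only needs images; the class name, method name and allow-list are hypothetical.

```java
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;

/** Added example: suffix allow-list for uploaded files (hypothetical names). */
public class UploadNameFilter {

    // Assumption: the upload feature only needs to accept images.
    private static final Set<String> ALLOWED = Set.of("jpg", "jpeg", "png", "gif");

    /**
     * Returns a server-generated storage name if the client-supplied name
     * carries an allowed suffix, or empty if the upload must be rejected.
     */
    public static Optional<String> safeStorageName(String clientName) {
        if (clientName == null) return Optional.empty();
        // Keep only the last path component of whatever the client sent.
        String base = clientName.substring(
                Math.max(clientName.lastIndexOf('/'), clientName.lastIndexOf('\\')) + 1);
        // Reject NUL bytes and trailing dots/spaces, which some file systems strip.
        if (base.indexOf('\0') >= 0 || base.endsWith(".") || base.endsWith(" ")) {
            return Optional.empty();
        }
        int dot = base.lastIndexOf('.');
        if (dot <= 0) return Optional.empty();   // no suffix, or a dotfile
        // Only the final suffix counts, compared case-insensitively.
        String suffix = base.substring(dot + 1).toLowerCase(Locale.ROOT);
        if (!ALLOWED.contains(suffix)) return Optional.empty();
        // Never reuse the client's name on disk: store under a random name.
        return Optional.of(UUID.randomUUID() + "." + suffix);
    }

    public static void main(String[] args) {
        // Constructed sample file names.
        String[] samples = {"avatar.png", "upload.php", "pic.PNG",
                            "a.png.php", "../../x.jpg", "noext", "trick.php."};
        for (String s : samples) {
            System.out.println(s + " -> " + safeStorageName(s).orElse("REJECTED"));
        }
    }
}
```

A suffix check only constrains the stored name; it does not validate the file's content, so the upload directory should also be kept outside any path the server treats as executable.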
Hello @yazi7, I was reviewing your issue and the related CVE-2022-29001. It appears to me that, while uploading a .php file works fine (as the CVE is indeed an arbitrary file upload vulnerability), the file cannot be executed by the Apache Tomcat/9.0.16 Web Engine, which does not natively support PHP execution (as it requires a third-party plugin or a bridge like Apache Tomcat Connectors).
Can you please provide more insights on the file uploading vulnerability you found?