Summary
$_POST['filename'] is not filtered, so a file with the php suffix can be uploaded across directories.
Detail
Using the replace PDF function, an attacker can upload a file with php as the suffix and %PDF as the beginning of the file content to any directory by controlling the filename parameter.
POC
like this
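One way to close the gap described in this report, as an added example that is not the project's own code: the handler treats the `filename` parameter as untrusted, allow-lists it to a single `.pdf` name with no directory part, and keeps the `%PDF` content check only as a secondary control. The function names `safe_pdf_target` and `replace_pdf` and the `$uploadDir` argument are assumptions made for illustration.

```php
<?php
// Added example; function names and $uploadDir are hypothetical, not from the project.

// Map an untrusted filename to a path inside $uploadDir, or throw.
function safe_pdf_target(string $uploadDir, string $requestedName): string
{
    // Allow-list: letters, digits, '_' and '-' followed by exactly one ".pdf".
    // This rejects '/', '\', "..", NUL bytes and double extensions such as "a.pdf.php".
    // \A and \z anchor the whole string, so a trailing newline cannot slip through.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,100}\.pdf\z/i', $requestedName)) {
        throw new InvalidArgumentException('filename must match <name>.pdf');
    }
    $base = realpath($uploadDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('upload directory does not exist');
    }
    return $base . DIRECTORY_SEPARATOR . $requestedName;
}

// Replace a PDF with an uploaded file after validating name and content.
function replace_pdf(string $uploadDir, string $requestedName, string $tmpPath): string
{
    $target = safe_pdf_target($uploadDir, $requestedName);
    // A symlink at the target would redirect the write outside $uploadDir.
    if (is_link($target)) {
        throw new RuntimeException('target is a symlink');
    }
    // The %PDF prefix is attacker-controlled, so this check alone proves nothing
    // about the file; the extension allow-list above is the primary control.
    $head = (string) file_get_contents($tmpPath, false, null, 0, 4);
    if ($head !== '%PDF') {
        throw new InvalidArgumentException('content is not a PDF');
    }
    if (!is_uploaded_file($tmpPath) || !move_uploaded_file($tmpPath, $target)) {
        throw new RuntimeException('upload could not be stored');
    }
    return $target;
}

// Constructed sample filenames showing which values the name check accepts.
foreach (['report.pdf', '../shell.php', 'a.php', 'a.pdf.php', '..\\x.pdf', "a.pdf\n"] as $name) {
    try {
        safe_pdf_target(sys_get_temp_dir(), $name);
        echo json_encode($name), " accepted\n";
    } catch (InvalidArgumentException $e) {
        echo json_encode($name), " rejected\n";
    }
}
```

Serving the upload directory with script execution disabled removes the impact of any name that still gets through.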