[Vulnerability] Unrestricted File Upload in background site #44

Closed
CodeKlaus opened this issue Apr 11, 2017 · 2 comments

@CodeKlaus

commented Apr 11, 2017

Hi! I found an Unrestricted File Upload vulnerability in PluckCMS 4.7.4.
I found I can bypass the filetype detection on the background site by modifying the MIME type in the HTTP request. And by uploading a PHP file, I can get a webshell.

Please fix it ASAP and contact me to get more details (I did not find your email):
My email: codeklaus@gmail.com

@BSteelooper

Contributor

commented Apr 8, 2018

solved with pull request #54

billcreswell added a commit that referenced this issue Apr 8, 2018

@BSteelooper

Contributor

commented Apr 8, 2018

@CodeKlaus Please verify if solved.
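
The weakness reported in this issue, an upload check that trusts the MIME type sent in the HTTP request, shown beside a stricter server-side check. This is an added example, not part of the thread and not Pluck's code or the fix from pull request #54; the function names, the allowlist and the destination directory are assumptions, and it needs PHP 7+ with the fileinfo extension.

```php
<?php
// Added illustration only; names and allowlist are hypothetical.

// Weak pattern: $file['type'] is copied from the request's Content-Type
// part header, so the client decides what it says.
function is_allowed_upload_weak(array $file): bool
{
    return in_array($file['type'], ['image/jpeg', 'image/png', 'image/gif'], true);
}

// Hardened pattern: extension allowlist mapped to the MIME type the
// server itself detects from the uploaded bytes.
const ALLOWED = [
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
];

function store_upload(array $file, string $destDir): ?string
{
    // Only accept a completed upload that PHP itself received via POST.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }

    // The final extension must be on the allowlist (.php, .phtml etc. are not).
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return null;
    }

    // Sniff the content; ignore $file['type'] entirely.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($detected !== ALLOWED[$ext]) {
        return null;
    }

    // Server-generated name: the client controls neither path nor extension.
    $target = rtrim($destDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}
```

Content sniffing can still be fooled by a file that is a valid image with embedded script text, so the destination directory should also be one where the web server does not execute scripts.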
