Dear @ignacionelson,
I found a vulnerability that execute malicious script of user,
Description:
Because of lacking of sanitizer when echo output data in returnFilesIds() function in {webroot}/includes/Classes/Download.php , the low privilege user (Uploader role) can call this function through process.php file and execute scripting code
Hi! Thanks for your report. This seems to be based on r1295 instead of the code on this repository, and this issue was already fixed here but casting the value to integer.
$file_list[] = (int)$data['value']; //file-id must be int
Dear @ignacionelson,
I found a vulnerability that execute malicious script of user,
Description:
Because of lacking of sanitizer when echo output data in returnFilesIds() function in

{webroot}/includes/Classes/Download.php, the low privilege user (Uploader role) can call this function through process.php file and execute scripting codePoC:
{webroot}/process.php?do=return_files_ids&files[0][name]=x&files[0][value]=23"><img src=x onerror=alert(1);>Solutions:
The text was updated successfully, but these errors were encountered: