I'm trying to reach you regarding a security vulnerability I have found in your application.
Can you add a SECURITY.md file with an e-mail to your repository, so that our system can send you the vulnerability details? GitHub suggests that a security policy is the best way to make sure security issues are responsibly disclosed.
Once you've done that, you should receive an e-mail within the next hour with more info.
Thanks!
Since the author is not responding (since 23.12.2021), the vulnerability is being disclosed publicly.
The OAS application does not filter the uploaded content, which enables an attacker to upload a malicious PHP file via documents.php and obtain code execution. Since the application does not require authentication, it's easy to exploit this vulnerability.
I have created an exploit for that: https://www.exploit-db.com/exploits/50623