V1.5.3: Unrestricted File Upload Vulnerability #325
Comments

Thank you for reporting, the upload-feature is for registered users only. I will fix that asap and upload a hotfix version.

Just published the hotfix 1.5.3.1. I added a separate extension check and repeated the mimetype check when the file is uploaded to the temporary folder. If mimetype fails there, then the file is deleted immediately. Also updated the htaccess. Vulnerability reported in #268 is still fixed. The reason behind this security hole: Some environments did not support the mimetype extraction of a base64 string, so as a quick fix I made it conditional and this opened up for this vulnerability. Now solved properly by checking the mimetype of the stored file, which works in all environments. Thank you for reporting again!
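
The checks described in the comment above (extension check, MIME check on the stored file, immediate deletion on failure), sketched as an added example. This is not Typemill's code: the function name `validateStoredUpload`, the `ALLOWED_UPLOADS` allowlist and the sample file are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist (assumption): extension => MIME types accepted for it.
const ALLOWED_UPLOADS = [
    'png'  => ['image/png'],
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'gif'  => ['image/gif'],
    'pdf'  => ['application/pdf'],
];

/**
 * Validate a file that has already been written to the temporary folder.
 * Returns true if it may be kept; deletes it and returns false otherwise.
 */
function validateStoredUpload(string $tmpPath, string $clientName): bool
{
    // 1. Extension check on the client-supplied name, independent of content.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    $ok  = array_key_exists($ext, ALLOWED_UPLOADS);

    // 2. MIME check on the stored bytes, not on the base64 string or on the
    //    Content-Type the client sent, so it never depends on the environment
    //    being able to sniff a data URI.
    if ($ok) {
        $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
        $ok   = $mime !== false && in_array($mime, ALLOWED_UPLOADS[$ext], true);
    }

    // 3. Fail closed: a rejected file is removed immediately.
    if (!$ok && is_file($tmpPath)) {
        unlink($tmpPath);
    }
    return $ok;
}

// Constructed sample: PHP source submitted under an image file name.
$tmp = tempnam(sys_get_temp_dir(), 'upl');
file_put_contents($tmp, "<?php echo 'x'; ?>");
var_dump(validateStoredUpload($tmp, 'avatar.png')); // stored bytes are not a PNG
var_dump(file_exists($tmp));                        // whether the rejected file remains
```

The MIME check is unconditional here: if `finfo` cannot determine a type, the upload is rejected rather than accepted.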

Hi @trendschau

I cannot reproduce that error. Can you please open your developer tools in the browser, upload an image or file again and check the errors in the dev-tools? You should see something in the tabs "console" and/or "network".

Can you click on "network" and then inspect the call to api/v1/image? Just click on the call and then open the tab "response" and please post the content of the response, there should be a detailed error message. Before you do that, please go to the settings in the admin area, scroll down to developer settings and activate the checkbox for report errors so that all error details are visible.

Thanks @trendschau for the hint. I found the error:

See PDF for details:
typemill-1.5.3-backstage.UploadVul.pdf