In application/admin/controller/EditorController.php, it handles editor file upload through the server function.
And then in extend/tools/UEditor.php, function upFile,
it does not check the extension of the file before saving it to local storage.
So when uploading a file/image/video, we can upload a PHP file to get a shell.
I tested this vulnerability in your demo and demonstrated that it exists; please fix it as soon as possible.
Thank you, I have dealt with this problem. Currently, login judgment restrictions have been set in the /application/admin/controller/EditorController.php file, and the file suffix verification function has been added to the /extend/tools/UEditor.php file.
OK, I would appreciate it if you could help me request a CVE ID for this vulnerability on GitHub. So just create a security advisory, and then request a CVE ID.
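The file suffix verification mentioned in the reply above could take the form of an allow-list check like the one below. This is an added example, not the project's code from extend/tools/UEditor.php; the names ALLOWED_TYPES and validate_upload, the list of accepted types, and the availability of PHP's fileinfo extension are assumptions.

```php
<?php
// Added example. ALLOWED_TYPES and validate_upload() are hypothetical names,
// not taken from extend/tools/UEditor.php.

// Allow-list: accepted extension => MIME types accepted for that extension.
const ALLOWED_TYPES = [
    'png'  => ['image/png'],
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'gif'  => ['image/gif'],
    'mp4'  => ['video/mp4'],
];

/**
 * Returns a server-generated file name for an accepted upload, or null.
 * $clientName is the untrusted original name; $tmpPath is the uploaded temp file.
 */
function validate_upload(string $clientName, string $tmpPath): ?string
{
    // Only the final extension counts, lowercased; anything not listed is rejected.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    $mimes = ALLOWED_TYPES[$ext] ?? null;
    if ($mimes === null) {
        return null;
    }
    // Derive the content type from the file bytes, not from the client's header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!in_array($mime, $mimes, true)) {
        return null;
    }
    // Never reuse the client-supplied name when writing to storage.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample inputs: a PHP script and a minimal GIF header.
$script = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($script, "<?php echo 'constructed sample'; ?>");
$image = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($image, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");

var_dump(validate_upload('shell.php', $script));  // extension not on the allow-list
var_dump(validate_upload('avatar.gif', $script)); // allowed extension, script content
var_dump(validate_upload('avatar.GIF', $image));  // allowed extension, matching content
unlink($script);
unlink($image);
```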