Submission #249815: Automad CMS <= 1.10.9 Unrestricted File Upload

Information

Title: Automad CMS <= 1.10.9 Unrestricted File Upload
Description: By default, in the config.php files, the application allows the upload of files with dangerous types, such as SVG and PDF. The application also does not validate the content type, as shown in the code snippets below, which are associated with the upload method in the FileCollectionController.php file, located at src\UI\Controllers. This issue allows a pentester to upload an SVG or PDF file containing malicious content to execute arbitrary JS code, which acts as a stored XSS payload.
Source: https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Unrestricted%20File%20Upload
User: Maland (UID 59886)
Submitted: 09/12/2023 06:12 PM (3 years ago)
Moderation: 21/12/2023 09:19 AM (12 days later)
Status: Approved
VulDB Entry: 248685 [automad up to 1.10.9 Content Type FileCollectionController.php upload privilege bypass]
Points: 20
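The submission describes two weaknesses that combine into stored XSS: an upload allowlist that still admits SVG and PDF, and no check of the actual file content. The following is an added example, written for this page and not code from Automad or from the submitter's repository, of the check an upload handler needs to close both gaps. The function name `is_upload_allowed`, the allowlist constants and the sample uploads are all constructed for illustration; only PHP's built-in `finfo` class is real. It rejects SVG and PDF by extension, sniffs the real content type from the bytes instead of trusting the client-supplied MIME type, and requires the extension and sniffed type to agree.

```php
<?php
// Added example, not Automad's own code. Demonstrates a defensive upload
// check: extension allowlist + content sniffing + extension/type agreement.
declare(strict_types=1);

// Hypothetical allowlist. svg and pdf are deliberately absent: both formats
// can carry script that a browser executes when the file is served inline
// from the site's origin, which is the stored XSS path described above.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'webp'];

// Sniffed MIME type => extensions that may legitimately carry it.
const ALLOWED_MIME = [
    'image/jpeg' => ['jpg', 'jpeg'],
    'image/png'  => ['png'],
    'image/gif'  => ['gif'],
    'image/webp' => ['webp'],
];

/**
 * Returns null when the upload may be stored, otherwise a rejection reason.
 * $name is the client-supplied filename, $bytes the raw uploaded content.
 */
function is_upload_allowed(string $name, string $bytes): ?string
{
    // 1. Extension check. Only the final extension counts, so a name such
    //    as "x.php.png" passes this step; that is why step 2 exists.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return "extension '$ext' is not in the allowlist";
    }

    // 2. Sniff the real content type from the bytes with libmagic. Never use
    //    $_FILES[...]['type'] for this: the client sets it freely.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->buffer($bytes) ?: 'application/octet-stream';
    if (!isset(ALLOWED_MIME[$mime])) {
        return "sniffed type '$mime' is not an allowed image type";
    }

    // 3. The extension must agree with the sniffed type, otherwise the
    //    server and the browser may disagree about what the file is.
    if (!in_array($ext, ALLOWED_MIME[$mime], true)) {
        return "extension '$ext' does not match sniffed type '$mime'";
    }

    return null;
}

// Constructed sample uploads (not files from the report).
$svgPayload = '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"></svg>';
$samples = [
    // SVG with an event handler: the payload class the submission describes.
    ['payload.svg', $svgPayload],
    // Same SVG bytes renamed to .png: passes step 1, caught by the sniff.
    ['payload.png', $svgPayload],
    // PDF header: rejected by extension before any sniffing.
    ['doc.pdf', "%PDF-1.4\n"],
    // A genuine 1x1 PNG, which should be accepted.
    ['ok.png', base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==')],
];

foreach ($samples as [$name, $bytes]) {
    $verdict = is_upload_allowed($name, $bytes);
    printf("%-12s %s\n", $name, $verdict ?? 'accepted');
}
```

Run it with `php upload_check.php`; only `ok.png` is accepted. If a site genuinely needs SVG or PDF uploads, the check above is not enough on its own: serve those files from a separate origin or with `Content-Disposition: attachment` and a restrictive `Content-Security-Policy`, so that any script they carry never runs in the CMS's origin.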
