Enviar #249815: Automad CMS <= 1.10.9 Unrestricted File Uploadinformación

TítuloAutomad CMS <= 1.10.9 Unrestricted File Upload
DescripciónDescription: By default, in the config.php files, the application allows upload files containing dangerous types, such as SVG and PDF. The application also not validate the content type, as shown in the code snippets below are associated with the upload method in the FileCollectionController.php file, located at src\UI\Controllers. This issue allow pentester to upload a SVG or PDF file contains malicious content to execute arbitrary JS code which acts as a stored XSS payload.
Fuente⚠️ https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Unrestricted%20File%20Upload
Usuario
 Maland (UID 59886)
Sumisión2023-12-09 18:12 (hace 3 años)
Moderación2023-12-21 09:19 (12 days later)
EstadoAceptado
Entrada de VulDB248685 [automad hasta 1.10.9 Content Type FileCollectionController.php upload escalada de privilegios]
Puntos20

Do you need the next level of professionalism?

Upgrade your account now!