提出 #249815: Automad CMS <= 1.10.9 Unrestricted File Upload情報

タイトルAutomad CMS <= 1.10.9 Unrestricted File Upload
説明Description: By default, in the config.php files, the application allows upload files containing dangerous types, such as SVG and PDF. The application also not validate the content type, as shown in the code snippets below are associated with the upload method in the FileCollectionController.php file, located at src\UI\Controllers. This issue allow pentester to upload a SVG or PDF file contains malicious content to execute arbitrary JS code which acts as a stored XSS payload.
ソース⚠️ https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Unrestricted%20File%20Upload
ユーザー
 Maland (UID 59886)
送信2023年12月09日 18:12 (3 年 ago)
モデレーション2023年12月21日 09:19 (12 days later)
ステータス承諾済み
VulDBエントリ248685 [automad 迄 1.10.9 Content Type FileCollectionController.php upload 特権昇格]
ポイント20

Want to stay up to date on a daily basis?

Enable the mail alert feature now!