| タイトル | Automad CMS <= 1.10.9 Unrestricted File Upload |
|---|
| 説明 | Description:
By default, in the config.php files, the application allows upload files containing dangerous types, such as SVG and PDF. The application also not validate the content type, as shown in the code snippets below are associated with the upload method in the FileCollectionController.php file, located at src\UI\Controllers.
This issue allow pentester to upload a SVG or PDF file contains malicious content to execute arbitrary JS code which acts as a stored XSS payload. |
|---|
| ソース | ⚠️ https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Unrestricted%20File%20Upload |
|---|
| ユーザー | Maland (UID 59886) |
|---|
| 送信 | 2023年12月09日 18:12 (3 年 ago) |
|---|
| モデレーション | 2023年12月21日 09:19 (12 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 248685 [automad 迄 1.10.9 Content Type FileCollectionController.php upload 特権昇格] |
|---|
| ポイント | 20 |
|---|