Submission #249815: Automad CMS <= 1.10.9 Unrestricted File Upload
Info

Title: Automad CMS <= 1.10.9 Unrestricted File Upload
Description: By default, in the config.php files, the application allows uploading files of dangerous types, such as SVG and PDF. The application also does not validate the content type, as shown in the code snippets below, which are associated with the upload method in the FileCollectionController.php file located at src\UI\Controllers. This issue allows a pentester to upload an SVG or PDF file containing malicious content to execute arbitrary JS code, which acts as a stored XSS payload.
Source: https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Unrestricted%20File%20Upload
User: Maland (UID 59886)
Submitted: 2023. 12. 09. 06:12 PM (3 years ago)
Moderated: 2023. 12. 21. 09:19 AM (12 days later)
Status: Accepted
VulDB entry: 248685 [automad up to 1.10.9 Content Type FileCollectionController.php upload privilege escalation]
Points: 20
