Submeter #249815: Automad CMS <= 1.10.9 Unrestricted File Uploadinformação

TítuloAutomad CMS <= 1.10.9 Unrestricted File Upload
DescriçãoDescription: By default, in the config.php files, the application allows upload files containing dangerous types, such as SVG and PDF. The application also not validate the content type, as shown in the code snippets below are associated with the upload method in the FileCollectionController.php file, located at src\UI\Controllers. This issue allow pentester to upload a SVG or PDF file contains malicious content to execute arbitrary JS code which acts as a stored XSS payload.
Fonte⚠️ https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Unrestricted%20File%20Upload
Utilizador
 Maland (UID 59886)
Submissão09/12/2023 18h12 (há 3 anos)
Moderação21/12/2023 09h19 (12 days later)
EstadoAceite
Entrada VulDB248685 [automad até 1.10.9 Content Type FileCollectionController.php upload Elevação de Privilégios]
Pontos20

Do you know our Splunk app?

Download it now for free!