Submit #249815: Automad CMS <= 1.10.9 Unrestricted File Upload

Information

Title: Automad CMS <= 1.10.9 Unrestricted File Upload
Description: By default, in the config.php files, the application allows uploading files of dangerous types, such as SVG and PDF. The application also does not validate the content type, as shown in the code snippets below, which are associated with the upload method in the FileCollectionController.php file, located at src\UI\Controllers. This issue allows a pentester to upload an SVG or PDF file containing malicious content to execute arbitrary JS code, which acts as a stored XSS payload.
Source: https://github.com/screetsec/VDD/tree/main/Automad%20CMS/Unrestricted%20File%20Upload
User: Maland (UID 59886)
Submission: 09.12.2023 18:12 (3 years ago)
Moderation: 21.12.2023 09:19 (12 days later)
Status: accepted
VulDB Entry: 248685 [automad up to 1.10.9 Content Type FileCollectionController.php upload privilege escalation]
Points: 20
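The description above reports two separate weaknesses: an allow-list that admits active content (SVG, PDF) and an upload handler that trusts the claimed extension without inspecting the body. The following is an added example written for this page; it is not Automad's code, and the allow-list, file names and upload bodies are constructed assumptions rather than values taken from config.php or FileCollectionController.php. It puts the weak extension-only check beside a hardened check that requires the extension, the magic bytes and the body content to agree, and shows why a scripted SVG is rejected whether it is uploaded as `.svg` or renamed to `.png`.

```python
import re

# Constructed allow-list in the shape the advisory describes: the weak default
# admits SVG and PDF on extension alone. Assumed value, not Automad's config.php.
LEGACY_ALLOWED = {"png", "jpg", "jpeg", "gif", "svg", "pdf"}

# Hardened allow-list: extension -> magic-byte prefixes the body must start with.
# Only passive image formats; anything a browser will execute or script is excluded.
SAFE_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Extensions browsers render as active content when served inline.
# SVG and PDF are the two the advisory names; the rest are added for completeness.
ACTIVE_EXTENSIONS = {"svg", "pdf", "html", "htm", "xhtml", "xml", "js"}

# Byte patterns that mark active content regardless of the claimed extension
# (defence in depth against a scripted SVG renamed to .png).
ACTIVE_MARKERS = re.compile(
    rb"<\s*(?:svg|script|html|iframe|object|embed)\b|%PDF-|javascript:",
    re.IGNORECASE,
)


def extension(filename: str) -> str:
    """Lower-cased final extension of the basename; '' when there is none."""
    base = re.split(r"[/\\]", filename)[-1]
    return base.rsplit(".", 1)[1].lower() if "." in base else ""


def legacy_check(filename: str) -> bool:
    """The weak behaviour: accept purely on the claimed extension."""
    return extension(filename) in LEGACY_ALLOWED


def hardened_check(filename: str, data: bytes) -> tuple[bool, str]:
    """Accept only when extension, magic bytes and body content all agree."""
    ext = extension(filename)
    if ext in ACTIVE_EXTENSIONS:
        return False, f".{ext} is active content"
    if ext not in SAFE_TYPES:
        return False, f".{ext or '(none)'} is not on the allow-list"
    if not any(data.startswith(magic) for magic in SAFE_TYPES[ext]):
        return False, "body does not match the magic bytes for the extension"
    if ACTIVE_MARKERS.search(data[:8192]):
        return False, "body carries active-content markers"
    return True, "ok"


# Constructed sample uploads (not captured from any real system).
MALICIOUS_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" onload="alert(document.domain)">'
    b"<script>alert(1)</script></svg>"
)
VALID_PNG_STUB = b"\x89PNG\r\n\x1a\n" + b"\x00" * 24  # header only; enough for the check
PDF_WITH_JS = b"%PDF-1.4\n1 0 obj<</OpenAction<</S/JavaScript/JS(app.alert(1))>>>>endobj\n"


def demo() -> dict:
    """Run both checkers over the samples; returns the decisions for inspection."""
    cases = {
        "payload.svg": MALICIOUS_SVG,
        "logo.png (really SVG)": MALICIOUS_SVG,
        "logo.png": VALID_PNG_STUB,
        "report.pdf": PDF_WITH_JS,
    }
    results = {}
    for label, body in cases.items():
        fname = label.split(" ")[0]
        results[label] = {
            "legacy": legacy_check(fname),
            "hardened": hardened_check(fname, body),
        }
    return results


if __name__ == "__main__":
    for label, r in demo().items():
        print(f"{label:24} legacy={r['legacy']!s:5} hardened={r['hardened']}")
```

The extension and content checks are one layer only. Where SVG or PDF must be accepted for business reasons, serve uploads from a separate origin, or with `Content-Disposition: attachment` and a restrictive `Content-Security-Policy`, so that a file the browser does render cannot run script in the application's own origin.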
