Design/Logic Flaw

2023-11-2800:15:00

PRIOn knowledge base

www.prio-n.com

sentrifugo

assetscontroller

uploadsaveaction

logic flaw

unauthorized file uploads

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

19.3%

In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering.

CPENameOperatorVersion
sentrifugoeq3.5

CPE	Name	Operator	Version
	sentrifugo	eq	3.5

References

github.com/sapplica/sentrifugo

github.com/sapplica/sentrifugo/issues/384