7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
19.3%
In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering.
github.com/sapplica/sentrifugo
github.com/sapplica/sentrifugo/issues/384