Description The plugin does not validate files to be uploaded, and the AJAX action that handles the upload performs neither an authorisation (capability) check nor a CSRF (nonce) check. As a result, any authenticated user, such as a subscriber, can upload arbitrary files, including PHP scripts, to the server.
Setup (as admin):
- Go to the Settlement Settings and drag the “ペイジェント” (Paygent) module to the “Settlement modules in use” section, then click the update button.
- Set up the module and upload a certificate.

Attack (as a subscriber): log in to the blog, open a page with the code below and select a PHP file. This will upload the PHP file to the uploads/xxxxx/ folder.
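For reference, the three controls the advisory says are missing (authorisation, CSRF protection, file validation) in the shape a WordPress AJAX upload handler should have. This is an added example, not Welcart's code; the action name `example_upload_cert`, the `cert` field name, the option name and the storage directory are hypothetical, and the allowed type (`.pem`) is assumed for a settlement certificate.

```php
<?php
// Added example (not Welcart's code): a WordPress AJAX upload handler that
// enforces capability, nonce and file-type checks before storing the file.
// Action, field, option and directory names below are hypothetical.

add_action( 'wp_ajax_example_upload_cert', 'example_upload_cert' );
// Deliberately no 'wp_ajax_nopriv_' hook: anonymous users never reach this.

function example_upload_cert() {
    // 1. Authorisation: a subscriber must not be able to reach this at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. CSRF: the form must carry a nonce created with
    //    wp_create_nonce( 'example_upload_cert' ); a forged cross-site page
    //    cannot obtain it. check_ajax_referer() dies on failure.
    check_ajax_referer( 'example_upload_cert', '_wpnonce' );

    // 3. Validation: reject anything that is not an uploaded file of the one
    //    type this feature needs. The extension/MIME check is a first filter
    //    only; the storage rules below are what stop code execution.
    if ( empty( $_FILES['cert']['tmp_name'] ) || ! is_uploaded_file( $_FILES['cert']['tmp_name'] ) ) {
        wp_send_json_error( 'no file uploaded', 400 );
    }
    $allowed = array( 'pem' => 'application/x-pem-file' );
    $check   = wp_check_filetype_and_ext( $_FILES['cert']['tmp_name'], $_FILES['cert']['name'], $allowed );
    if ( 'pem' !== $check['ext'] ) {
        wp_send_json_error( 'only .pem certificates are accepted', 400 );
    }

    // Store outside the web root under a server-chosen name, so even a file
    // that slips past the type check can never be requested as a URL and
    // the attacker never controls the final filename or extension.
    $dir = dirname( ABSPATH ) . '/private-certs';
    if ( ! wp_mkdir_p( $dir ) ) {
        wp_send_json_error( 'storage unavailable', 500 );
    }
    $dest = $dir . '/' . wp_generate_password( 16, false ) . '.pem';
    if ( ! move_uploaded_file( $_FILES['cert']['tmp_name'], $dest ) ) {
        wp_send_json_error( 'could not store file', 500 );
    }
    update_option( 'example_cert_path', $dest );
    wp_send_json_success( array( 'stored' => basename( $dest ) ) );
}
```

The order matters: the capability check runs first so that a subscriber is refused before any nonce or file handling, and the nonce check runs before the file is touched so that a CSRF attempt against an administrator fails without side effects. Writing the certificate outside `wp-content/uploads/` with a generated name is the control that makes an uploaded PHP file harmless even if the validation step is ever bypassed.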
| CPE | Name | Operator | Version |
|---|---|---|---|
| | | eq | 2.9.5 |