Описание
Microweber allows Unrestricted File Upload
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file.
Пакеты
Наименование
microweber/microweber
composer
Затронутые версииВерсия исправления
<= 1.1.18
Отсутствует
Связанные уязвимости
CVSS3: 7.8
nvd
больше 5 лет назад
Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file.