Описание
resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite hasn't been possible with the code available in GitHub in recent years, however.)
resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite hasn't been possible with the code available in GitHub in recent years, however.)
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-52086
- https://github.com/dilab/resumable.php/issues/34
- https://github.com/dilab/resumable.php/pull/27/commits/3e3c94d0302bb399a7611b4738a5a4dd0832a926
- https://github.com/dilab/resumable.php/pull/39/commits/408f54dff10e48befa44d417933787232a64304b
- https://github.com/dilab/resumable.php/pull/39/commits/d3552efd403e2d87407934477eee642836cab3b4
- https://github.com/dilab/resumable.php/commit/3c6dbf5170b01cbb712013c7d0a83f5aac45653b
EPSS
CVE ID
Связанные уязвимости
resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite hasn't been possible with the code available in GitHub in recent years, however.)
EPSS