Описание
resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite hasn't been possible with the code available in GitHub in recent years, however.)
Ссылки
- Patch
- Issue Tracking
- Patch
- Patch
- Patch
- Patch
- Issue Tracking
- Patch
- Patch
- Patch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:startutorial:php_backend_for_resumable.js:0.1.4:*:*:*:*:*:*:*
EPSS
Процентиль: 28%
0.00097
Низкий
8.1 High
CVSS3
Дефекты
CWE-434
Связанные уязвимости
github
около 2 лет назад
resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite hasn't been possible with the code available in GitHub in recent years, however.)
EPSS
Процентиль: 28%
0.00097
Низкий
8.1 High
CVSS3
Дефекты
CWE-434