MariaNattestad / Assemblytics

Assemblytics is a bioinformatics tool to detect and analyze structural variants from a genome assembly by comparing it to a reference genome.
http://assemblytics.com
MIT License
136 stars, 28 forks

Unauthenticated File upload Vulnerability #33

Closed ghost closed 4 years ago

ghost commented 4 years ago

Attackers can upload malicious files: https://github.com/MariaNattestad/Assemblytics/blob/58fb52567b402ab54bc8c4f1126ac1565d46f61f/public/file_upload.php#L7

MariaNattestad commented 4 years ago

Thanks for bringing this up. The uploaded files are not executed, so I'm not sure what the attack would consist of, but I would be happy to take a pull request if you have a fix for this issue. Thanks!