Open crazydeluobo opened 2 years ago
Hi, When you are in the background, you have admin rights. It can therefore be useful to be able to upload a PHP file to the server. I don't consider this to be a mistake. Regards
Like issue https://github.com/boiteasite/cmsuno/issues/19, this also requires being in the background. I think it needs to limit the file suffix, because the website administrator may disclose the password.
Hi, You can't retrieve the password because it is hashed, not encrypted. Anyway, the one who is admin knows his password and CmsUno knows only one possible access, that of the admin. The philosophy is not to restrict the capabilities of ADMIN unnecessarily. If you want to change this, you have to edit the file uno/includes/elfinder/php/connector.php. Regards
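The reply above names uno/includes/elfinder/php/connector.php as the place to change upload behaviour. As an added example (not part of the thread and not CmsUno's own code), this sketch shows an upload allowlist built from elFinder's root options `uploadOrder`, `uploadDeny`, `uploadAllow`, `acceptedName` and `disabled`; the path, URL, MIME list and sample file names are constructed assumptions.

```php
<?php
// Added example: hardened options for one elFinder root.
// Assumption: these keys are merged into the existing root definition in
// connector.php; 'path' and 'URL' are placeholders, not CmsUno's real values.
$hardenedRoot = array(
    'driver'       => 'LocalFileSystem',
    'path'         => '/path/to/files/',      // placeholder
    'URL'          => '/files/',              // placeholder
    // Deny every MIME type first, then allow only the listed ones.
    'uploadOrder'  => array('deny', 'allow'),
    'uploadDeny'   => array('all'),
    'uploadAllow'  => array('image/jpeg', 'image/png', 'image/gif', 'application/pdf'),
    // New names (upload, rename, create) must match this pattern:
    // no leading dot, and no .php/.phpN/.phtml/.phar segment anywhere,
    // which also covers double extensions such as "name.php.jpg".
    'acceptedName' => '/^[^.](?!.*\.(?:php\d?|phtml|phar)(?:\.|$)).*$/i',
    // Commands that create or rewrite file content from the file manager.
    'disabled'     => array('mkfile', 'edit', 'extract'),
);

// Apply the name rule to a file name the same way a regex acceptedName is used.
function nameAccepted(array $root, string $name): bool
{
    return preg_match($root['acceptedName'], $name) === 1;
}

// Constructed sample names, to show what the pattern accepts and rejects.
$samples = array(
    'photo.jpg',
    'report.pdf',
    'page.php',
    'page.PHP5',
    'page.php.jpg',
    'archive.phar',
    '.htaccess',
);

foreach ($samples as $name) {
    printf("%-14s %s\n", $name, nameAccepted($hardenedRoot, $name) ? 'accepted' : 'rejected');
}
```

The MIME allowlist and the name pattern cover different paths: the first filters what is uploaded, the second stops an allowed file from being renamed to an executable extension afterwards.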
When you are in the background, you can upload a PHP file to get a webshell.