Closed geeeez closed 4 years ago
I'll look for a solution. But to install addons you have to be able to upload PHP files. That is a dilemma.
uploads (file types) are now limited by the config.php file https://github.com/flatCore/flatCore-CMS/commit/0c445d045f66649e7c1572b250ebdb8b9e210ee8
There are any files uploaded in the background of your website, you can upload PHP files, so that if the administrator password is leaked, the file uploaded through here can be directly getshell, take over the web example:
I think you should limit the type of file you upload