Closed liao10086 closed 5 years ago
I found a PHP code execution vulnerability in apps/filemanager/upload/drop.php at V2.0.5.

Steps:
1. Delete /files/.htaccess
Use the delete file API to delete .htaccess: POST /filemanager/api/rm/.htaccess
Upload PHP file: success
PHP code execution

Suggestion: Use a whitelist.

Author: xijun.liao@dbappsecurity.com.cn
Thanks for reporting this! I believe the issue is fixed in master now. I'll be making a new release tomorrow as well.
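
The report's two weaknesses (the delete API accepting `.htaccess`, and the upload handler accepting a `.php` file) and the suggested whitelist can be sketched as follows. This is an added example, not the project's code or its actual fix; the function names, the extension list and the protected-file list are all assumptions.

```php
<?php
// Added illustration; hypothetical helpers, not the project's code.
// Assumed allow-list: only the types the site actually needs to host.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];
// Assumed list of control files the delete API must never remove.
const PROTECTED_NAMES = ['.htaccess', '.htpasswd', '.user.ini', 'web.config'];

// Reduce a client-supplied path to a lower-cased bare file name,
// dropping trailing dots and spaces that some filesystems ignore.
function bare_name(string $path): string
{
    $name = basename(str_replace('\\', '/', $path));
    return strtolower(rtrim($name, ". "));
}

// Allow an upload only if every dot-separated suffix is allow-listed,
// so "shell.php.jpg" is rejected as well as "shell.php".
function is_allowed_upload(string $path): bool
{
    $name = bare_name($path);
    if ($name === '' || $name[0] === '.' || strpos($path, "\0") !== false) {
        return false; // empty names, dotfiles, NUL bytes
    }
    $suffixes = explode('.', $name);
    array_shift($suffixes); // drop the base name, keep the suffixes
    if ($suffixes === []) {
        return false; // no extension at all
    }
    foreach ($suffixes as $ext) {
        if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
            return false;
        }
    }
    return true;
}

// Refuse to delete files that control how the upload directory is served.
function is_deletable(string $path): bool
{
    $name = bare_name($path);
    return $name !== '' && !in_array($name, PROTECTED_NAMES, true);
}

// Constructed sample names, checked against both helpers.
foreach (['photo.jpg', 'shell.php', 'shell.php.jpg', '.htaccess'] as $n) {
    printf("%-14s upload=%-5s delete=%s\n", $n,
        is_allowed_upload($n) ? 'allow' : 'deny',
        is_deletable($n) ? 'allow' : 'deny');
}
```

Both checks matter together: the extension allow-list alone would not have stopped the first step of the report, where the file that restricts `/files/` was removed through the delete API.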