polonel / trudesk

:coffee: :seedling: Trudesk is an open-source help desk/ticketing solution.
http://trudesk.io

Multiple Security bugs #563

Closed thanhlocstudent closed 1 year ago

thanhlocstudent commented 2 years ago

### Security Bugs

I found multiple security vulnerabilities in your product. There is a bug that can lead to deleting all files. Please check the following reference:

- https://huntr.dev/bounties/c8a838cf-ffcf-40c3-9b53-06a25f18d0a1/

You can also bypass the restriction to upload malicious files to perform "Stored XSS":

- https://huntr.dev/bounties/967f8e27-5b67-4273-b61e-2217dcd6e8eb/

Multiple IDOR bugs lead to defacing the web application or changing other users' information:

- https://huntr.dev/bounties/6109e70c-3977-4d7e-b525-d362a386df2d/
- https://huntr.dev/bounties/fad58176-4825-479b-a1b6-fd05341036ae/

I submitted these bugs a month ago to help you secure your product but did not receive any response from you. Please check these bugs and secure your product.

polonel commented 2 years ago

Thank you for your report. Pull requests are always welcome and appreciated.