quickapps / cms

Modular CMS powered by CakePHP
GNU General Public License v3.0

[File upload vulnerability] CVE-2019-19576 exists in the code! #202

Open seongil-wi opened 2 years ago

seongil-wi commented 2 years ago

Hi,

Our research team in KAIST WSP Lab found a known file upload vulnerability in quickapps. Please inspect this spot.

The following known vulnerability exists in this code: CVE-2019-19576. The file extension filter is a blacklist, so any time a new extension is introduced (in this case phar), or any has been missed, a PHP file can be uploaded.

Thanks!
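To illustrate the point the report makes, here is an added example (not quickapps code, and not posted by the reporter) contrasting a blacklist extension filter with an allowlist one. The extension lists and sample filenames are constructed; the blacklist deliberately omits `phar`, mirroring the gap described above.

```php
<?php
// Added example, not part of the quickapps code base. Shows why a blacklist
// extension filter fails open and how an allowlist closes the gap.

// Blacklist: rejects only what it has been told about. Any extension the
// list is missing (here "phar", as in the report) is accepted.
function blacklistAllows(string $filename): bool
{
    $denied = ['php', 'php3', 'php4', 'php5', 'phtml']; // constructed, incomplete on purpose
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, $denied, true);
}

// Allowlist: accepts only extensions known to be safe for this upload
// endpoint. Every dotted segment after the base name is checked, so a
// double extension such as "photo.php.jpg" is rejected as well.
function allowlistAllows(string $filename): bool
{
    $allowed = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt']; // constructed
    $parts = explode('.', strtolower(basename($filename)));
    if (count($parts) < 2) {
        return false; // no extension at all: reject rather than guess
    }
    array_shift($parts); // drop the base name, keep only extension segments
    foreach ($parts as $segment) {
        if (!in_array($segment, $allowed, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample filenames: the .phar case is the one from the report.
$samples = ['photo.jpg', 'script.php', 'script.phar', 'photo.php.jpg'];
foreach ($samples as $name) {
    printf("%-15s blacklist: %-7s allowlist: %s\n", $name,
        blacklistAllows($name) ? 'accept' : 'reject',
        allowlistAllows($name) ? 'accept' : 'reject');
}
```

Run with `php example.php`; the `.phar` sample is accepted by the blacklist and rejected by the allowlist, which is the fix direction for this class of bug.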