This PHP class uploads files and manipulates images very easily. It is in fact as much an image processing class as it is an upload class. Compatible with PHP 4, 5, 7 and 8. Supports processing of local files, uploaded files, and files sent through XMLHttpRequest.
Recently, our team found an arbitrary file upload vulnerability. The vulnerable logic is in this file: https://github.com/verot/class.upload.php/blob/master/src/class.upload.php#L3156
The extension blacklist check uses a regular expression anchored with `$/i`, so it only rejects a name whose dangerous extension is the very last thing in the string. An attacker bypasses it with a filename such as `1.php ` (trailing space), `1.php.` (trailing dot), or the Windows-specific `1.php::$DATA` (NTFS default data stream): none of these match the anchored pattern, yet Windows strips the trailing space or dot and the `::$DATA` suffix when the file is written, so the file lands on disk as `1.php`. A similar issue was already fixed as CVE-2017-7695.
Suggested fix: follow the remediation used for CVE-2017-7695, which removes the `$` anchor from the regular expression (so the pattern matches the dangerous extension anywhere in the name, not only at the end), or, better, switch to a whitelist of permitted extensions checked against the normalized filename, so that attackers cannot upload script files at all.
The class's MIME detection and image resizing do not prevent this: an image file can be crafted so that the embedded PHP code is not overwritten when the resizing code rewrites the image. As a result, we were able to upload the file `image_resized.php`.
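To make the bypass concrete, the following is an added example (not code from class.upload.php) that places a blacklist check of the shape described above beside a whitelist check that normalizes the name first. The blacklist pattern and the `blacklist_allows`, `whitelist_allows` and `run_samples` function names are assumptions modelled on the report, not the project's own code; the sample filenames are constructed for the demonstration.

```php
<?php
// Added example, not class.upload.php's own code. The blacklist pattern below
// is an assumption modelled on the advisory, not the project's exact regex.
declare(strict_types=1);

// Vulnerable shape: a blacklist anchored at the end of the string with "$" and
// the "i" modifier. Anything after the extension defeats the anchor.
function blacklist_allows(string $filename): bool
{
    $pattern = '/\.(php|phtml|php3|php4|php5|phar)$/i';   // constructed list
    return preg_match($pattern, $filename) !== 1;
}

// Hardened shape: canonicalise the name the way the file system will, then
// require every extension segment to be on an allow-list.
function whitelist_allows(string $filename, array $allowed = ['jpg', 'jpeg', 'png', 'gif']): bool
{
    // Drop an NTFS alternate data stream suffix such as "::$DATA".
    $name = preg_replace('/::\$DATA\z/i', '', $filename);
    // Windows drops trailing dots and spaces on file creation; do the same here.
    $name = rtrim(basename($name), ". ");
    // Reject empty names and control characters (newline, NUL, ...).
    if ($name === '' || preg_match('/[\x00-\x1f]/', $name) === 1) {
        return false;
    }
    $parts = explode('.', strtolower($name));
    if (count($parts) < 2) {
        return false;                       // no extension at all
    }
    // Every segment after the base name must be allowed, so a double
    // extension such as "shell.php.jpg" is rejected too. This is stricter
    // than only inspecting the final extension.
    foreach (array_slice($parts, 1) as $ext) {
        if (!in_array($ext, $allowed, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample names: the bypasses from the report plus benign/other cases.
function run_samples(): array
{
    $samples = ['cat.jpg', '1.php', '1.php ', '1.php.', '1.php::$DATA', 'shell.php.jpg'];
    $results = [];
    foreach ($samples as $s) {
        $results[$s] = [
            'blacklist' => blacklist_allows($s),
            'whitelist' => whitelist_allows($s),
        ];
    }
    return $results;
}

foreach (run_samples() as $name => $r) {
    printf(
        "%-18s blacklist:%-5s whitelist:%s\n",
        json_encode($name),
        $r['blacklist'] ? 'ALLOW' : 'deny',
        $r['whitelist'] ? 'ALLOW' : 'deny'
    );
}
```

Running it shows the blacklist allowing `1.php `, `1.php.` and `1.php::$DATA` (each of which becomes `1.php` on a Windows file system) while the whitelist denies all three and allows only `cat.jpg`. Removing the `$` anchor, as the CVE-2017-7695 fix did, also closes these three cases, but a whitelist additionally rejects extensions the blacklist author never thought of.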