CX File_Manipulation @ website/pictures/upload.php [master]

[vish07]

File_Manipulation issue exists @ website/pictures/upload.php in branch master

The input obtained via <?php in the file website\pictures\upload.php at line 1 is used to determine the location of a file to be written into by <?php in the file website\pictures\upload.php at line 1, potentially allowing an attacker to alter or corrupt the contents of that file, or create a new file altogether.

Severity: High

CWE:552

Vulnerability details and guidance

Checkmarx

Lines: 27 29

---

Code (Line #27):

     mkdir("../upload/{$_POST['tag']}", 0777, True);

---

Code (Line #29):

      $filename = "../upload/{$_POST['tag']}/{$_POST['name']}";

---

[vish07]

Issue still exists.

[vish07]

Issue still exists.