Anyone who can execute this file: \src\assets\lib\plupload\examples\upload.php can upload any file to the server, to the location ini_get("upload_tmp_dir") . DIRECTORY_SEPARATOR . "plupload" . DIRECTORY_SEPARATOR . $_REQUEST["name"]
It is quite a serious security bug, where there should be a filter for the extension of the file.
I recommend deleting this file from production or putting exit; on the first line for the release of Bootstrap-Admin-Template.
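
One way to filter the client-supplied name before it is joined into the target path, shown as an added example that is not part of the original issue or of the project's code; the function name `safe_upload_name` and the extension allowlist are assumptions.

```php
<?php
// Added example (hypothetical helper): validate the value an upload handler
// would otherwise take directly from $_REQUEST["name"].

const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf']; // assumed policy

/**
 * Return a file name that is safe to append to the upload directory,
 * or null when the client-supplied name must be rejected.
 */
function safe_upload_name(string $clientName): ?string
{
    // Reject NUL bytes and other control characters outright.
    if (preg_match('/[\x00-\x1F\x7F]/', $clientName)) {
        return null;
    }

    // Drop any directory part; treat "\" and "/" alike so "..\..\x" is covered.
    $base = basename(str_replace('\\', '/', $clientName));

    // Keep a conservative character set and forbid dotfiles such as .htaccess.
    $base = ltrim(preg_replace('/[^A-Za-z0-9._-]/', '_', $base), '.');

    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    $stem = pathinfo($base, PATHINFO_FILENAME);

    // Allowlist on the final extension; everything else is refused.
    if ($stem === '' || !in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }

    // Neutralise inner extensions ("page.php.jpg") for servers that honour them.
    $stem = str_replace('.', '_', $stem);

    return substr($stem, 0, 100) . '.' . $ext;
}

// Constructed sample inputs standing in for $_REQUEST["name"].
$samples = ['photo.JPG', 'page.php', '../../index.php', 'page.php.jpg', '.htaccess'];
foreach ($samples as $name) {
    $safe = safe_upload_name($name);
    printf("%-18s => %s\n", $name, $safe ?? 'REJECTED');
}
```

The extension is still asserted by the client, so the upload directory should also sit outside the web root or be configured so the server never executes files from it.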