The component /php_action/editFile.php does not require any authentication to enable unauthorized users to upload files and execute code. The component should be configured to require authentication. However, the component lacks any authentication filter. As a result, any user with access to the component can upload any file and execute code. The component does not sanitize the uploaded file or even check if the input is a valid file. This results in an arbitrary file upload vulnerability. Attackers can upload any PHP script and execute arbitrary code.
Password fields are not correctly validated in the component. As a result, attackers can easily submit a password which results in an unauthorized user account. The component does not require any authentication to enable unauthorized users to upload files and execute code. The component should be configured to require authentication. However, the component lacks any authentication filter. As a result, any user with access to the component can upload any file and execute code. The component does not sanitize the uploaded file or even check if the input is a valid file. This results in an arbitrary file upload vulnerability. Attackers can upload any PHP script and execute arbitrary code. Password fields are not correctly validated in the component. As a result, attackers can easily submit a password which results in an unauthorized user account
Reported Version :
PHP 7.2.4
Timeline
Published on: 10/07/2022 18:15:00 UTC
Last modified on: 10/09/2022 02:45:00 UTC