CVE-2021-23814 Unrestricted Upload of File with Dangerous Type #1113
Labels
security
Exploits, attacks, dangerous leaks.
Comments
|
Yeah, I noticed it before: Roave/SecurityAdvisories#89 but it's not linked to the repo apparently. |
|
|
|
I am still able to do this in 2.6. It needs to check file extensions too. Something like.... function hasAllowedExtension($allowed_extensions)
{
$extension = $this->file->getClientOriginalExtension();
if (!in_array($extension, $allowed_extensions)) {
throw new ExcutableFileException($extension);
}
return $this;
} |
|
Thanks @deanzod . |
This was referenced Nov 30, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
GHSA-f8x6-m9f5-ffp8
Surprisingly can't find anything about this in the issues here yet, is this something that's gonna be addressed soon?
Thanks a lot!
The text was updated successfully, but these errors were encountered: