CVE-2022-40797

Posted on by admin

CVE-2022-40797

Roxy Fileman 1.4.6 allows Remote Code Execution via a .phar upload, because the default FORBIDDEN_UPLOADS value in conf.json only blocks .php, .php4, and .php5 files. (Visiting any .phar file invokes the PHP interpreter in some realistic web-server configurations.)

Source: CVE-2022-40797

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다