vendor: https://github.com/sruupl/batflat
version: <= 1.3.6
An external control of file name or path vulnerability (CWE-73) exists in inc/modules/settings/Admin.php. At line 371, both the file path and the content to be written are partially controlled by the attacker. Although the file extension is limited to .ini, the attacker can write a .user.ini file, which PHP running under FastCGI parses, to achieve arbitrary code execution.
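The weakness described above comes down to a suffix test: ".user.ini" ends in ".ini" too. The following is an added example, not Batflat's code, contrasting a bare suffix check with an allow-list check that rejects dotfiles and path separators; SETTINGS_DIR and ALLOWED_INI are assumed values for illustration.

```php
<?php
// Added example, not the project's code. SETTINGS_DIR and ALLOWED_INI are
// assumptions standing in for wherever a CMS keeps its writable .ini files.
declare(strict_types=1);

const SETTINGS_DIR = '/var/www/batflat/inc/data/settings'; // assumed location
const ALLOWED_INI  = ['config.ini', 'theme.ini'];           // assumed allow-list

// Weak check: a suffix test accepts any name ending in ".ini", so ".user.ini",
// which PHP-FPM/FastCGI reads as a per-directory configuration file, passes.
function weakIniCheck(string $name): bool
{
    return substr($name, -4) === '.ini';
}

// Hardened check: reject anything containing a path separator, reject names
// that start with a dot or contain more than one dot, then require an exact
// match against a fixed allow-list. Because only allow-listed basenames are
// accepted, the resulting path cannot leave SETTINGS_DIR.
function safeIniPath(string $name): ?string
{
    if ($name !== basename($name)) {                      // "../x" or "a/b"
        return null;
    }
    if (!preg_match('/^[A-Za-z0-9_-]+\.ini$/', $name)) {  // ".user.ini" fails
        return null;
    }
    if (!in_array($name, ALLOWED_INI, true)) {            // exact allow-list
        return null;
    }
    return SETTINGS_DIR . '/' . $name;
}

// Constructed inputs: the first and fourth are legitimate, the rest are not.
foreach (['config.ini', '.user.ini', '../.user.ini', 'theme.ini', 'x.php'] as $n) {
    printf("%-14s weak=%-6s safe=%s\n", $n,
        weakIniCheck($n) ? 'accept' : 'reject',
        safeIniPath($n) === null ? 'reject' : 'accept');
}
```

Running it shows the suffix check accepting ".user.ini" and "../.user.ini" while the allow-list check accepts only the two named files.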