Product: Microweber
Product Version: 1.1.18
Unrestricted file upload: no validation of image extensions in the add-image functionality on the profile page
Component: Admin account profile page. Attack vector: no validation on profile image upload.
The vulnerability has been identified on the admin account page. An attacker can upload PHP code or a file with any other extension (e.g. .exe) to the web server by providing image data and the image/jpeg content type with a .php extension.
Attack Type: Local
The profile image upload performs no validation, which allows a file with any extension to be uploaded through the admin profile upload.
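
Mitigation sketch for the missing check described above, as an added example that is not Microweber's code and not part of the original advisory. The function name `safe_profile_image_name` and the allow-list are hypothetical, and PHP's fileinfo extension is assumed to be enabled.

```php
<?php
// Hypothetical allow-list: detected MIME type => the only extension stored for it.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate an uploaded profile image.
 * Returns a server-generated file name, or null if the upload must be rejected.
 */
function safe_profile_image_name(string $tmpPath, string $clientName): ?string
{
    // 1. Extension allow-list on the client-supplied name (.php, .exe etc. fail here).
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if ($ext === 'jpeg') {
        $ext = 'jpg';
    }
    if (!in_array($ext, ALLOWED_IMAGE_TYPES, true)) {
        return null;
    }

    // 2. Detect the type from the file's bytes. The Content-Type header sent
    //    with the request is attacker-controlled and is never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        return null;
    }

    // 3. The extension must agree with the detected content.
    if (ALLOWED_IMAGE_TYPES[$mime] !== $ext) {
        return null;
    }

    // 4. Never reuse the client's file name; store under a random one.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample: a temp file that starts with a JPEG/JFIF header.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "\xFF\xD8\xFF\xE0\x00\x10JFIF\x00\x01" . str_repeat("\x00", 32));
var_dump(safe_profile_image_name($tmp, 'avatar.php')); // image bytes, .php name
var_dump(safe_profile_image_name($tmp, 'avatar.jpg')); // image bytes, .jpg name
unlink($tmp);
```

Storing uploads in a directory where the web server does not execute scripts adds a second layer if a check like this is ever bypassed.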