ExpressionEngine: Import File Converter - local File inclusion

ID H1:341992
Type hackerone
Reporter lawrenceamer
Modified 2018-05-17T23:03:52


@lawrenceamer discovered a local file inclusion vulnerability that logged in users with access to the control panel and permission to access developer utilities may be able to exploit. @lawrenceamer gave a detailed report with step-by-step instructions for replicating and screen captures of a their results, enabling a speedy resolution to the issue.