2 matches found
silverstripe/framework allows upload of dangerous file types
Some potentially dangerous file types exist in File.allowedextensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default...
PT-2024-40472 · Silverstripe · Silverstripe
Name of the Vulnerable Software and Affected Versions: SilverStripe 4 affected versions not specified Description: The issue concerns potentially dangerous file types in the File.allowed extensions configuration, which could allow a malicious CMS user to upload files that get executed in the...