4 matches found
CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule
Impact The extin upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing GIF-like content could pass validation such as:...
PT-2026-48810
Name of the Vulnerable Software and Affected Versions CodeIgniter versions prior to 4.7.3 Description The ext in upload validation rule incorrectly checks the MIME-derived guessed extension instead of the extension provided in the client filename. This allows a file with an executable extension,...
CVE-2025-12655 Hippoo Mobile App for WooCommerce <= 1.7.1 - Missing Authorization to Unauthenticated Limited File Write
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to arbitrary file write via a missing authorization check in all versions up to, and including, 1.7.1. This is due to the REST API endpoint /wp-json/hippoo/v1/wc/token/savecallback/tokenid being registered with...
File Upload Vulnerability in Wando OA System
Wando Ezoffice system is a set of jsp-based oa system , the system is based on J2EE architecture technology of three-tier architecture , completely B / S architecture , widely used in various industries . Wando Ezoffice collaborative office platform there is a file upload vulnerability in...