3 matches found
POST File - Critical - Cross Site Scripting, Arbitrary PHP code execution - SA-CONTRIB-2024-060
The module creates an endpoint on the site at /postfile/upload that accepts a POST request for uploading a single file into a specified file system (public, private, etc.). This module accepts any uploaded file extension, including dangerous file formats so it can be used to bypass the...
Drupal POST File module < 1.0.2 - Unauthenticated Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery (CSRF) vulnerability discovered by Pierre Rudloff in WordPress Module POST File versions 1.0.2...
PT-2024-10478 · Post File +1 · Post File +1
Name of the Vulnerable Software and Affected Versions: Drupal POST File versions 0.0.0 through 1.0.2
Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability in the POST File module of the Drupal CMS system. This vulnerability can be exploited by a remote attacker to...