The image file upload function doesn’t validate a file extension, Content-type, and the content of a file. An image file, containing PHP code and a file extension set to .php, was uploaded and allowed remote code execution.
Kudos to Akash Solanki
This post was created with our nice and easy submission form. Create your post!
GIPHY App Key not set. Please check settings