
[File upload vulnerability] CVE-2019-19576 exists in the code!

Open seongil-wi opened this issue 4 years ago • 0 comments

Hi,

Our research team in KAIST WSP Lab found a known file upload vulnerability in quickapps. Please inspect this spot.

The following known vulnerabilities exist in this code: CVE-2019-19576. The file extension filter is a blacklist, so any time a new extension is introduced (in this case phar), or any has been missed, a PHP file can be uploaded.

Thanks!

seongil-wi, Aug 27 '21 02:08
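
The denylist weakness described in the issue, set beside an allowlist check, as an added example (this is not quickapps code and not the reporter's; the extension lists, function names and sample file names are constructed for illustration):

```php
<?php
declare(strict_types=1);

// Hypothetical denylist, constructed for this example (not the project's list).
const DENIED_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'phtml'];

// Hypothetical allowlist for an image and document upload feature.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

/** Denylist check: accepts anything whose extension is not listed. */
function denylistAccepts(string $filename): bool
{
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, DENIED_EXTENSIONS, true);
}

/**
 * Allowlist check: accepts only names of the form <stem>.<allowed-ext>.
 * The stem is limited to [A-Za-z0-9_-], so names with more than one dot,
 * no extension, or path separators are rejected by default.
 */
function allowlistAccepts(string $filename): bool
{
    $pattern = '/\A[A-Za-z0-9_-]{1,100}\.([A-Za-z0-9]{1,10})\z/';
    if (preg_match($pattern, $filename, $m) !== 1) {
        return false;
    }
    return in_array(strtolower($m[1]), ALLOWED_EXTENSIONS, true);
}

/** Name used on disk: generated server-side, only the validated extension is kept. */
function storedName(string $filename): ?string
{
    if (!allowlistAccepts($filename)) {
        return null;
    }
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names: two expected uploads, the extension named in the
// issue, and a name with no extension at all.
foreach (['photo.JPG', 'report.pdf', 'tool.phar', 'notes'] as $name) {
    printf("%-11s denylist=%-6s allowlist=%s\n", $name,
        denylistAccepts($name) ? 'accept' : 'reject',
        allowlistAccepts($name) ? 'accept' : 'reject');
}
```

The denylist accepts `tool.phar` and `notes` because neither extension was anticipated, while the allowlist rejects both without needing to know about them.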