Upload form allowed to all users bug #4842
Labels
Bug
For errors / faults / flaws / inconsistencies etc.
Critical
Indicates the severity of an issue is very critical and the issue has a very high priority.
worksforme
The issue cannot be reproduced and things work as intended.
Hello , I found a upload form that is shown to any user.
We can even upload files without getting access to a panel ..
Here is the upload form :
http://crowdfunding.piwik.org/wp-content/plugins/ignitiondeck/templates/admin/_productForm.php
A malicious attacker could use this to upload a malicious PHP script then he will take control of your website..
Please make sure you patch it & answering me.
Keywords: bug upload hacker
The text was updated successfully, but these errors were encountered: