Upload form allowed to all users bug #4842
Labels
Bug
For errors / faults / flaws / inconsistencies etc.
Critical
Indicates the severity of an issue is very critical and the issue has a very high priority.
worksforme
The issue cannot be reproduced and things work as intended.
Comments
|
I couldn't find that the form uploads a file. It seems it just reloads the page without uploading the file. Thanks for the report! See http://piwik.org/security/ |
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello , I found a upload form that is shown to any user.
We can even upload files without getting access to a panel ..
Here is the upload form :
http://crowdfunding.piwik.org/wp-content/plugins/ignitiondeck/templates/admin/_productForm.php
A malicious attacker could use this to upload a malicious PHP script then he will take control of your website..
Please make sure you patch it & answering me.
Keywords: bug upload hacker
The text was updated successfully, but these errors were encountered: