Unrestricted File Upload Vulnerability in elefant/cms library

 

 

Overview

Elefant CMS is vulnerable to unrestricted file upload. In apps/filemanager/handlers/upload/drop.php, extension validation can be bypassed by URL encoding the file name.
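An added illustration (not code from elefant or from the fix commit) of validating an upload name so that URL encoding cannot hide the extension: decode to a stable form first, then check and store that same string. The function name safe_upload_name, the allowlist and the sample names are assumptions constructed for this example.

```php
<?php
// Added illustration; not elefant's code. Names and allowlist are assumptions.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

// Returns the canonical name to store, or null when the upload is rejected.
function safe_upload_name(string $raw): ?string
{
    // 1. Decode until the name stops changing, so validation sees the name
    //    in its final form rather than an encoded alias of it.
    $name = $raw;
    for ($i = 0; $i < 5 && rawurldecode($name) !== $name; $i++) {
        $name = rawurldecode($name);
    }
    if (rawurldecode($name) !== $name) {
        return null; // still encoded after 5 rounds: refuse
    }
    // 2. Refuse control bytes (NUL included) and path separators.
    if (preg_match('~[\x00-\x1f\x7f/\\\\]~', $name)) {
        return null;
    }
    // 3. Trailing dots and spaces are dropped by some filesystems; drop them
    //    here so the extension checked is the extension stored.
    $name = rtrim($name, '. ');
    // 4. Require a non-leading dot and an allowlisted final extension.
    $dot = strrpos($name, '.');
    if ($dot === false || $dot === 0) {
        return null;
    }
    $ext = strtolower(substr($name, $dot + 1));
    return in_array($ext, ALLOWED_EXTENSIONS, true) ? $name : null;
}

// Constructed sample names: plain, encoded dot, double-encoded dot, mixed case.
foreach (['report.pdf', 'page%2Ephp', 'page%252Ephp', 'Photo.JPG'] as $sample) {
    printf("%-14s => %s\n", $sample, var_export(safe_upload_name($sample), true));
}
```

The caller should store the file under the returned string, never under the raw request value, so the name that was checked is the name that is written.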

Remediation

The fix is in the GitHub commit listed under Reference.

Reference

https://github.com/jbroadway/elefant/commit/afb3346e50b992bcba143660ca2149e563430e05
