Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 19 Apr 2015 09:45:56 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: Wolf CMS 0.8.2 Arbitrary File Upload Vulnerability

http://seclists.org/bugtraq/2015/Apr/112

Vendor response:

"""
This is I believe works as designed. There is currently no limit on what a
user can upload.

As this is only possible for authenticated users, we are currently not
considering this a security issue.

If you feel differently, please elaborate why you consider this a security
issue. I guess we could add a strict upload mode.

Cheers, Martijn
"""

Prathan Phongthiproek has requested CVE identifier for this issue.

Comments? Opinions?

-- 
Henri Salo

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.