Date: Sun, 19 Apr 2015 09:45:56 +0300 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Subject: Wolf CMS 0.8.2 Arbitrary File Upload Vulnerability http://seclists.org/bugtraq/2015/Apr/112 Vendor response: """ This is I believe works as designed. There is currently no limit on what a user can upload. As this is only possible for authenticated users, we are currently not considering this a security issue. If you feel differently, please elaborate why you consider this a security issue. I guess we could add a strict upload mode. Cheers, Martijn """ Prathan Phongthiproek has requested CVE identifier for this issue. Comments? Opinions? -- Henri Salo
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.