Only allow images to be served by thumb.php

Bug #1978520 reported by Kristina Hoeppner
| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| Mahara | Status tracked in 22.10 | | | |
| 21.04 | Fix Released | Critical | Unassigned | |
| 21.10 | Fix Released | Critical | Unassigned | |
| 22.04 | Fix Released | Critical | Unassigned | |
| 22.10 | Fix Committed | Critical | Robert Lyon | |

Bug Description

Files are accessible and can be enumerated by their ID via thumb.php and a particular option.

CVE References

information type: Public → Public Security
information type: Public Security → Private Security
summary: - Files are accessible publicly through thumb.php
+ Only allow images to be served by thumb.php
information type: Private Security → Public Security
This report contains Public Security information  
Everyone can see this security related information.
