Only allow images to be served by thumb.php
Bug #1978520 reported by Kristina Hoeppner
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Mahara | | | | |
21.04 | Fix Released | Critical | Unassigned | |
21.10 | Fix Released | Critical | Unassigned | |
22.04 | Fix Released | Critical | Unassigned | |
22.10 | Fix Released | Critical | Robert Lyon | |
Bug Description
Files are accessible and can be enumerated by their ID via thumb.php and a particular option.
CVE References
information type: Public → Public Security
information type: Public Security → Private Security
summary:
- Files are accessible publicly through thumb.php
+ Only allow images to be served by thumb.php
information type: Private Security → Public Security
no longer affects: mahara