services_captiveportal.php: Image upload does not validate file type
On services_captiveportal.php, uploaded image files are not validated properly. A user with access to the page could upload an arbitrary PHP file instead of an image file, and then use it to execute code/gain extra privileges/etc.
Updated by Chris Linstruth about 2 years ago
I tested this and was unable to upload a small php script named phpinfo.gif into the picture widget.
I also tried it in captive portal and when it did not actually enable (because I didn't select an authentication server) I also got the invalid image message at the top. When I actually managed to enable captive portal to check I hit #9977 which, of course, broke everything.