Bug #9804
Status: Closed
services_captiveportal.php: Image upload does not validate file type
% Done: 100%
Description
On services_captiveportal.php, uploaded image files are not validated properly. A user with access to the page could upload an arbitrary PHP file instead of an image file, and then use it to execute code/gain extra privileges/etc.
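The class of check the report says was missing, as an added example (not pfSense's own code or the fix in the referenced changeset): the upload is accepted only if its content parses as an image, the libmagic MIME type agrees, and it is then stored under a server-chosen name. The `validate_uploaded_image` and `store_image` names and the allowlist of image types are assumptions.

```php
<?php
// Added example, not pfSense code: accept an uploaded file only when its
// content is a real image, never on the basis of the client-supplied name.

/**
 * Return null if $file (one entry of $_FILES) is an acceptable image,
 * otherwise a string describing why it was rejected.
 */
function validate_uploaded_image(array $file): ?string {
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return 'upload failed';
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        return 'not an uploaded file';
    }
    // Decide by content only: $file['name'] and $file['type'] are untrusted.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false) {
        return 'file is not a valid image';
    }
    // Hypothetical allowlist; $info[2] is the IMAGETYPE_* constant.
    $allowed = [IMAGETYPE_PNG => true, IMAGETYPE_JPEG => true, IMAGETYPE_GIF => true];
    if (!isset($allowed[$info[2]])) {
        return 'image type not allowed';
    }
    // Cross-check with libmagic so a forged image header alone is not enough.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== image_type_to_mime_type($info[2])) {
        return 'MIME type mismatch';
    }
    // Conservative extra check: refuse an image that also carries a PHP open tag.
    $bytes = file_get_contents($file['tmp_name']);
    if ($bytes === false || stripos($bytes, '<?php') !== false) {
        return 'embedded PHP tag';
    }
    return null;
}

/** Store a validated image under a random name with an extension derived from its content. */
function store_image(array $file, string $dir): string {
    if (($err = validate_uploaded_image($file)) !== null) {
        throw new RuntimeException("Rejected upload: $err");
    }
    $info = getimagesize($file['tmp_name']);
    $ext  = image_type_to_extension($info[2], false); // e.g. "png"
    $dest = $dir . '/' . bin2hex(random_bytes(8)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store image');
    }
    return $dest;
}
```

Storing under a server-chosen name and extension is what keeps a file like `phpinfo.gif` from ever being written with a name the web server would execute, even if a content check is later bypassed.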
Updated by Jim Pingle about 5 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset 09d597434c9ccb456c8f207649dbe43fd5ff85db.
Updated by Jim Pingle about 5 years ago
- Target version changed from 2.5.0 to 2.4.5
Updated by Chris Linstruth almost 5 years ago
I tested this and was unable to upload a small php script named phpinfo.gif into the picture widget.
I also tried it in captive portal and when it did not actually enable (because I didn't select an authentication server) I also got the invalid image message at the top. When I actually managed to enable captive portal to check I hit #9977 which, of course, broke everything.
Updated by Jim Pingle almost 5 years ago
- Status changed from Feedback to Resolved
That should be good enough. I also cannot upload anything but a valid image in those fields on 2.5.0, so it would appear this is fixed.