Bug #9804
closed
services_captiveportal.php: Image upload does not validate file type
Added by Jim Pingle about 5 years ago.
Updated over 4 years ago.
Affected Architecture:
All
Description
On services_captiveportal.php, uploaded image files are not validated properly. A user with access to the page could upload an arbitrary PHP file instead of an image file, and then use it to execute code/gain extra privileges/etc.
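The defect described above is the classic upload-validation gap: trusting the client-supplied file name or MIME type instead of the file's content. The following is an added illustrative example of the hardened handling a defender would want, not pfSense's own code or the fix that was committed for this bug. The function names (`validate_image_upload`, `store_validated_image`), the size limit and the destination directory are hypothetical, and the block assumes the PHP `fileinfo` and GD extensions are loaded.

```php
<?php
// Added example (not pfSense code): content-based validation of an uploaded
// image, followed by GD re-encoding under a server-chosen file name.
// Function names and the destination path are hypothetical.

const ALLOWED_IMAGE_TYPES = [
    IMAGETYPE_GIF  => ['mime' => 'image/gif',  'ext' => 'gif'],
    IMAGETYPE_JPEG => ['mime' => 'image/jpeg', 'ext' => 'jpg'],
    IMAGETYPE_PNG  => ['mime' => 'image/png',  'ext' => 'png'],
];

const MAX_IMAGE_BYTES = 2 * 1024 * 1024; // constructed limit for this example

/**
 * Validate one entry of $_FILES as an image. Returns the detected IMAGETYPE_*
 * constant or throws. The client-supplied name and 'type' field are ignored;
 * only the file content decides.
 */
function validate_image_upload(array $file): int
{
    if (!isset($file['tmp_name'], $file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed or is missing');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an uploaded file');
    }
    if (filesize($file['tmp_name']) > MAX_IMAGE_BYTES) {
        throw new RuntimeException('Image too large');
    }

    // 1. Image header check. A PHP script renamed to "phpinfo.gif" has no
    //    valid image header, so getimagesize() returns false here.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !isset(ALLOWED_IMAGE_TYPES[$info[2]])) {
        throw new RuntimeException('Not a supported image');
    }

    // 2. Independent MIME sniff (libmagic) must agree with the image header.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== ALLOWED_IMAGE_TYPES[$info[2]]['mime']) {
        throw new RuntimeException('MIME type does not match image header');
    }

    return $info[2];
}

/**
 * Re-encode the validated image with GD and store it under a random name whose
 * extension is derived from the detected type, never from the user. Re-encoding
 * discards bytes that are not part of the decoded pixel data (comments,
 * trailing data), so a file that is a valid image AND something else is
 * reduced to just the image.
 */
function store_validated_image(array $file, string $dest_dir): string
{
    $type = validate_image_upload($file);
    $ext  = ALLOWED_IMAGE_TYPES[$type]['ext'];

    $img = @imagecreatefromstring(file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('Image could not be decoded');
    }

    $dest = rtrim($dest_dir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    switch ($type) {
        case IMAGETYPE_GIF:
            $ok = imagegif($img, $dest);
            break;
        case IMAGETYPE_JPEG:
            $ok = imagejpeg($img, $dest, 90);
            break;
        default:
            $ok = imagepng($img, $dest);
    }
    imagedestroy($img);

    if (!$ok) {
        throw new RuntimeException('Could not write image');
    }
    return $dest;
}

// Usage in a form handler with <input type="file" name="logo">; the
// directory is a constructed placeholder and should not be served as PHP:
// try {
//     $path = store_validated_image($_FILES['logo'], '/path/to/non-executable/dir');
// } catch (RuntimeException $e) {
//     // reject the upload and report $e->getMessage() to the user
// }
```

Two design points matter here. First, the header check and the MIME sniff are independent signals that must agree, so a file cannot pass by satisfying only one of them; and the stored extension is chosen by the server from the detected type, which is what stops a `.php` name from ever reaching disk. Second, re-encoding through GD costs the original bytes (animated GIFs are flattened to one frame, JPEG is recompressed), so it is a trade-off a project has to accept deliberately; the validation alone already rejects the plain renamed-script case reported in this bug.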
- Status changed from New to Feedback
- % Done changed from 0 to 100
- Target version changed from 2.5.0 to 2.4.5
I tested this and was unable to upload a small PHP script named phpinfo.gif into the picture widget.
I also tried it in captive portal, and when it did not actually enable (because I didn't select an authentication server), I also got the invalid image message at the top. When I actually managed to enable captive portal to check, I hit #9977 which, of course, broke everything.
- Status changed from Feedback to Resolved
That should be good enough. I also cannot upload anything but a valid image in those fields on 2.5.0, so it would appear this is fixed.
- Private changed from Yes to No