Security issue  #145

@AndreGl

Hi

It is possible to upload files by using the direct URL:
/admin/plugins/ckeditor/fm/connectors/php/upload.php

So you can upload a file to the images folder and rename it by using:
/admin/plugins/ckeditor/plugins/pdw_file_browser/actions.php

Here is the server provider log:

12/01/2025 12:03:49
Ausfuehrendes Script: ~/www/admin/plugins/ckeditor/fm/connectors/php/upload.php
Betroffene Datei: www/images/af84723e11b2.gif
Vorgang: create

12/01/2025 12:03:49
Ausfuehrendes Script: ~/www/admin/plugins/ckeditor/fm/connectors/php/upload.php
Betroffene Datei: www/images/af84723e11b2.gif
Vorgang: open

12/01/2025 12:03:49
Ausfuehrendes Script: ~/www/admin/plugins/ckeditor/fm/connectors/php/upload.php
Betroffene Datei: www/images/af84723e11b2.gif
Vorgang: setattr

12/01/2025 12:03:49
Ausfuehrendes Script: ~/www/admin/plugins/ckeditor/plugins/pdw_file_browser/actions.php
Betroffene Datei: www/images/af84723e11b2.gif
Vorgang: rename-from

12/01/2025 12:03:49
Ausfuehrendes Script: ~/www/admin/plugins/ckeditor/plugins/pdw_file_browser/actions.php
Betroffene Datei: www/images/af84723e11b2.php
Vorgang: rename-to
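
A defender-side check for the pattern visible in the log above, added here as an example and not part of the original issue or the project's code: it parses records in the provider's log format and flags any rename that turns a non-executable file into a server-executable one. The extension list and the pairing of `rename-from`/`rename-to` records by executing script are assumptions.

```python
import re
from pathlib import PurePosixPath

# Three of the five records from the provider log quoted in the issue.
SAMPLE_LOG = """\
12/01/2025 12:03:49
Ausfuehrendes Script: ~/www/admin/plugins/ckeditor/fm/connectors/php/upload.php
Betroffene Datei: www/images/af84723e11b2.gif
Vorgang: create

12/01/2025 12:03:49
Ausfuehrendes Script: ~/www/admin/plugins/ckeditor/plugins/pdw_file_browser/actions.php
Betroffene Datei: www/images/af84723e11b2.gif
Vorgang: rename-from

12/01/2025 12:03:49
Ausfuehrendes Script: ~/www/admin/plugins/ckeditor/plugins/pdw_file_browser/actions.php
Betroffene Datei: www/images/af84723e11b2.php
Vorgang: rename-to
"""

# Assumption: extensions the web server hands to the PHP interpreter.
EXECUTABLE_EXTS = {".php", ".phtml", ".phar", ".php5"}

# Fields: executing script, affected file, operation (German labels from the log).
RECORD = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\n"
    r"Ausfuehrendes Script: (?P<script>.+)\n"
    r"Betroffene Datei: (?P<file>.+)\n"
    r"Vorgang: (?P<op>\S+)", re.MULTILINE)

def find_executable_renames(log):
    """Return renames whose target gains an executable extension."""
    findings, pending, creators = [], {}, {}
    for ev in (m.groupdict() for m in RECORD.finditer(log)):
        if ev["op"] == "create":
            creators[ev["file"]] = ev["script"]   # remember which script wrote it
        elif ev["op"] == "rename-from":
            pending[ev["script"]] = ev["file"]    # source half, keyed by script
        elif ev["op"] == "rename-to" and ev["script"] in pending:
            src = pending.pop(ev["script"])
            old, new = (PurePosixPath(p).suffix.lower() for p in (src, ev["file"]))
            if new in EXECUTABLE_EXTS and old not in EXECUTABLE_EXTS:
                findings.append({"time": ev["ts"], "renamed_by": ev["script"],
                                 "created_by": creators.get(src), "from": src, "to": ev["file"]})
    return findings

if __name__ == "__main__":
    for finding in find_executable_renames(SAMPLE_LOG):
        print(finding)
```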
