Opened 10 years ago

Closed 10 years ago

#935 closed defect (fixed)

EFM demo_images php upload allowed: possible security risk

Reported by: ray
Owned by: yermol
Priority: normal
Milestone:
Component: Plugin_ImageManager
Version:
Severity: normal
Keywords:
Cc:

Description

In the demo configuration you can upload PHP files, which can then be executed (at least under Windows, or when for any reason permissions are set for the demo_images folder).

This should be prevented.

Change History (1)

comment:1 Changed 10 years ago by ray

  • Resolution set to fixed
  • Status changed from new to closed

[714]: added .htaccess file that switches php engine off in demo_images
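
A sketch of what such an .htaccess can look like, as an added example; it is not the file committed in [714], whose contents are not shown on this page. It assumes Apache 2.4 with `AllowOverride` permitting Options and AuthConfig for this directory, and the extension list is an assumption to adjust to the handlers configured on the server.

```apache
# demo_images/.htaccess  (constructed example, not the file from [714])
# Uploaded files in this directory are data; they must never run as scripts.

# Switch the PHP interpreter off for this directory and everything below it.
# php_flag only exists when PHP is loaded as an Apache module, so each
# directive is guarded; an unguarded php_flag causes a 500 error otherwise.
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php.c>
    php_flag engine off
</IfModule>

# Second layer that does not depend on how PHP is wired in (module, CGI, FPM):
# refuse to serve any file carrying a script extension.
#  - (?i) makes the match case-insensitive, which matters on Windows where
#    photo.PHP and photo.php name the same file.
#  - (\.|$) also covers names such as photo.php.jpg, which mod_mime can still
#    map to the PHP handler when the server uses AddHandler.
<FilesMatch "(?i)\.(php[0-9]?|phtml|phar)(\.|$)">
    Require all denied
</FilesMatch>

# No CGI execution and no directory listing for the upload folder.
Options -ExecCGI -Indexes
```

With mod_php and only the `php_flag` layer in place, a request for an uploaded .php file returns its source text instead of running it; with the `FilesMatch` layer the request is refused with 403.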
