Opened 12 years ago
Closed 12 years ago
#935 closed defect (fixed)
EFM demo_images php upload allowed: possible security risk
| Reported by: | ray | Owned by: | yermol |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | Plugin_ImageManager | Version: | |
| Severity: | normal | Keywords: | |
| Cc: |
Description
In the demo configuration you can upload php files which then can be executed (at least under windows or when for any reason permissions are set for the demo_images folder)
This should be prevented
Change History (1)
comment:1 Changed 12 years ago by ray
- Resolution set to fixed
- Status changed from new to closed
Note: See
TracTickets for help on using
tickets.
[714]: added .htaccess file that switches php engine off in demo_images