Advisory 2023-03/01 Security Issue with PHP 8.1.0
| Vulnerability type | Potential Denial of Service Attack |
| Severity factors | This vulnerability has a CVSS score of 7.5 with a high severity rating |
| Versions affected | FileCloud Versions 22.1 and earlier |
| Version fixed | FileCloud Version 22.1.1 and later |
Description
PHP 8.1.0 allowed large files to be uploaded in a great number of parts which caused the system to consume excessive CPU resources. This exposed FileCloud to potential denial of service attacks. See https://nvd.nist.gov/vuln/detail/CVE-2023-0662 for more information.
Fix
These vulnerabilities have been fixed in FileCloud version 22.1.1.20926 which upgrades PHP to version 8.1.17
What you should do to fix this vulnerability
- If you are using FileCloud Server, it is recommended that you update to the latest version, which is 22.1.1.20926 or greater. This will resolve the issue.
- If you are using FileCloud Online, your site has already been updated to the latest version.
If you have any questions about this advisory, please contact FileCloud support.