...

Security Advisory Date: September 15, 2021
Vulnerability Type: Remote Code Execution
Severity factors: Medium, because upload of most potentially harmful file types is already blocked by FileCloud, and attackers must gain unauthorized access to the system.
Versions affected: All versions of FileCloud prior to 21.2.10.17160.xxxxxxx
Version fixed: FileCloud Version 21.2.0.117160.xxxxx

Description

Attackers with unauthorized admin privileges in FileCloud may have the ability to remotely access and control the FileCloud server, its databases, and its files by uploading files with .phtml and .phar extensions.
The latest version of FileCloud fixes this by prohibiting upload of .phtml and .phar files.

...

This has been fixed in FileCloud version 21.2.10.xxxxx17160, which blocks upload of .phtml and .phar files.
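
Because the fix only blocks new uploads, administrators may also want to check storage for .phtml and .phar files that are already present. The following audit script is an added example, not FileCloud code; the sample directory layout and the "review" verdict for names that carry one of these extensions in the middle are assumptions of this example.

```python
import os
import tempfile

# Extensions this advisory names as blocked for upload.
BLOCKED_EXTENSIONS = {"phtml", "phar"}


def classify(filename):
    """Return 'blocked', 'review' or None for a single file name."""
    # Windows drops trailing dots and spaces from file names, so
    # "x.phtml." can end up stored as "x.phtml"; normalize first.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2:
        return None
    if parts[-1] in BLOCKED_EXTENSIONS:
        return "blocked"
    # Assumption of this example: a blocked extension in the middle of
    # the name (e.g. "a.phar.txt") is flagged for a manual look.
    if any(p in BLOCKED_EXTENSIONS for p in parts[1:-1]):
        return "review"
    return None


def audit_tree(root):
    """Walk root and return sorted (verdict, relative_path) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            verdict = classify(fname)
            if verdict:
                rel = os.path.relpath(os.path.join(dirpath, fname), root)
                findings.append((verdict, rel))
    return sorted(findings)


def demo():
    """Build a constructed sample tree (hypothetical layout) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "user1"))
        for name in ("report.pdf", "notes.PHTML", "tool.phar", "a.phar.txt"):
            open(os.path.join(root, "user1", name), "w").close()
        return audit_tree(root)


if __name__ == "__main__":
    for verdict, path in demo():
        print(f"{verdict:8} {path}")
```

To audit a real installation, call `audit_tree()` with the server's actual storage path in place of the constructed sample tree.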

...