The file uploader works well. Too well.
It’s unprotected against uploading script files.
I would really like you to add a button to disable dangerous file types on the setting of the upload field.
Any customer currently using this field is at risk of hackers gaining ROOT access to their sites.
As a temp solution, I have secured the upload folder; this seems to have worked. The plugin can still save documents, but you can’t run them without access.
Just to add:
Very hard to secure. More of an ‘only allow safe types’ button approach is required as even a jpg can contain script data.
Link included for your analysis.
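An added example, not part of the original post and not the plugin's own code: one way an "only allow safe types" check could look, sketched in Python. The allowlist contents and the function name `check_upload` are assumptions made for illustration.

```python
import os
import secrets

# Assumed allowlist: extension -> magic bytes the content must start with.
ALLOWED = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}

def check_upload(client_name, data):
    """Return (accepted, stored_name_or_reason) for one uploaded file."""
    # Drop any directory part the client sent, for either slash style.
    base = os.path.basename(client_name.replace("\\", "/"))
    parts = base.lower().split(".")
    # Exactly one base name and one extension: rejects "name", ".htaccess"
    # and stacked extensions such as "name.php.jpg".
    if len(parts) != 2 or not parts[0]:
        return False, "name must be one base name plus one extension"
    ext = "." + parts[1]
    if ext not in ALLOWED:
        return False, "extension not on allowlist"
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension"
    # The stored name is chosen by the server; the client's name never
    # reaches the disk.
    return True, secrets.token_hex(16) + ext

# Constructed sample inputs (not taken from the post).
SAMPLES = [
    ("photo.jpg", b"\xff\xd8\xff\xe0" + b"image data"),
    ("photo.php.jpg", b"\xff\xd8\xff\xe0" + b"image data"),
    ("script.php", b"plain text"),
    ("photo.jpg", b"GIF89a" + b"image data"),
    # Valid JPEG header followed by arbitrary bytes: this passes the check.
    ("odd.jpg", b"\xff\xd8\xff\xe0" + b"arbitrary trailing bytes"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(name, check_upload(name, data))
```

The last sample is accepted because only the leading bytes are inspected, which is the post's point about a jpg carrying script data: the upload folder still has to be locked down so that stored files cannot be executed.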