Anonymous users can upload arbitrary files into the uploads directory.
Description
Anonymous users can upload arbitrary files to the upload directory, which is against the best practice guidelines.
Cause
An anonymous attacker can upload a file by sending a POST request (index.php?_fileupload_marker=true).
Resolution
The problem is fixed in the subsequent maintenance LTS release (version 6.1.0). Customers should upgrade their installations to version 6.1.0 or later in order to limit anonymous uploads of arbitrary files to the upload directory.
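
To check whether an installation received such requests before it was upgraded, the web server access log can be searched for POST requests carrying the `_fileupload_marker=true` parameter described under Cause. The script below is an added example, not vendor code; it assumes the Apache/nginx "combined" log format, and its function names and sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumed log layout: Apache/nginx "combined" format. Adjust for your server.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_upload_request(method, target):
    """True for a POST whose query string carries _fileupload_marker=true."""
    if method != "POST":
        return False
    # parse_qs percent-decodes names and values, so encoded spellings match too.
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return any(v.lower() == "true" for v in params.get("_fileupload_marker", []))

def find_upload_requests(lines):
    """Return one record per matching request; unparseable lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_upload_request(m["method"], m["target"]):
            hits.append({"ip": m["ip"], "ts": m["ts"],
                         "status": int(m["status"]), "target": m["target"]})
    return hits

def summarize(hits):
    """Per client IP: total matching requests and how many returned 2xx."""
    total = Counter(h["ip"] for h in hits)
    ok = Counter(h["ip"] for h in hits if 200 <= h["status"] < 300)
    return {ip: {"requests": n, "2xx": ok[ip]} for ip, n in total.items()}

# Constructed sample lines (documentation IP ranges), not from a real system.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2024:10:15:32 +0000] "POST /index.php?_fileupload_marker=true HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [12/Mar/2024:10:16:01 +0000] "GET /index.php?_fileupload_marker=true HTTP/1.1" 200 310 "-" "-"',
    '203.0.113.7 - - [12/Mar/2024:10:16:40 +0000] "POST /index.php?%5Ffileupload%5Fmarker=TRUE HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [12/Mar/2024:10:17:05 +0000] "POST /index.php?page=login HTTP/1.1" 302 0 "-" "-"',
    '198.51.100.4 - - [12/Mar/2024:10:18:12 +0000] "POST /index.php?_fileupload_marker=true HTTP/1.1" 403 199 "-" "-"',
    'not a log line',
]

if __name__ == "__main__":
    for ip, counts in summarize(find_upload_requests(SAMPLE)).items():
        print(ip, counts)
```

Matches that returned a 2xx status are the ones to follow up by reviewing the contents of the upload directory for unexpected files.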