返回
-
标题
Anonymous users can upload arbitrary files into the uploads directory. -
说明
Anonymous users can upload arbitrary files to the upload directory, which is against the best practice guidelines. -
原因
An anonymous attacker can upload a file by sending a POST request (index.php?_fileupload_marker=true). -
解决办法
The problem has been fixed in the subsequent maintenance LTS release (version 6.1.0), therefore customers should upgrade their installations to version 6.1.0 or later in order to limit anonymous uploads of arbitrary files to the upload directory. -
变更请求
PAM-9651