[wp-trac] [WordPress Trac] #21981: Securing the uploads directory
WordPress Trac
wp-trac at lists.automattic.com
Mon Sep 24 13:42:02 UTC 2012
#21981: Securing the uploads directory
-------------------------+----------------------
Reporter: japh | Owner:
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Upload | Version:
Severity: normal | Resolution: wontfix
Keywords: |
-------------------------+----------------------
Comment (by japh):
A compromised user account can use scripts in /uploads/ to exploit the
installation. Not sure of another way around that, besides not letting
accounts be compromised in the first place, which is obviously preferable
but not always avoidable.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21981#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list