[wp-trac] [WordPress Trac] #46742: Path Disclosure issue via Media Uploader
WordPress Trac
noreply at wordpress.org
Sun Mar 31 09:26:21 UTC 2019
#46742: Path Disclosure issue via Media Uploader
--------------------------+-----------------------------
Reporter: chitran | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Media | Version: 5.1
Severity: minor | Keywords:
Focuses: |
--------------------------+-----------------------------
The issue occurs when an user tries to upload a picture via Browser
Uploader feature /wp-admin/media-new.php?browser-uploader with modified
PNG file that contains ASCII characters
Proof of Concepts (Step to reproduce):
1 - Login as an author
2 - Add new media using browser uploader
3 - Modify a PNG file and input some ASCII characters such as:
<script></script>
4 - Click browse and choose that file to upload
5 - After clicking Upload, an error will show up containing Full Path of
current website.
Warning: exif_imagetype(): PNG file corrupted by ASCII conversion in
/var/www/html/wp-includes/functions.php on line 2672
Sorry, this file type is not permitted for security reasons.
Note that this error will be triggered even PHP display_errors = Off
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46742>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list