2023-11-27 00:00:00
mitre
PUBLISHED
In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering.