2023-12-26 00:00:00
mitre
PUBLISHED
resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite hasnt been possible with the code available in GitHub in recent years, however.)