You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If subfolder GET parameter is set when calling /tinymce/plugins/filemanager/dialog.php then it is possible to traverse outside the containing folder by using '/../' in the query.
So a web visitor can browse directory structures of the website and upload images if the user running the PHP process has access to those directories.
The text was updated successfully, but these errors were encountered:
If subfolder GET parameter is set when calling /tinymce/plugins/filemanager/dialog.php then it is possible to traverse outside the containing folder by using '/../' in the query.
So a web visitor can browse directory structures of the website and upload images if the user running the PHP process has access to those directories.
The text was updated successfully, but these errors were encountered: