by krapp
4525 days ago
That bothers me. That should never be necessary. It looks like they intend everything to be in the webroot, which is a problem in and of itself. Setting everything in the uploads folder to be executable without any .htaccess directives to prevent that seems like a potential issue. If they're not validating images (properly) or sandboxing uploads, or thinking about mitigating directory traversal attacks, then there could be issues with remote code execution.