Loading

Worried about code exec at uploads folder

General Discussion around Collabtive

Worried about code exec at uploads folder

Postby matom » 22.09.2015, 01:19

Hi, forgive my ignorance but I'm really worried about uploaded files and code execution in the uploads folder. Please correct me if I'm wrong but
1. The uploads path is known
2. The filenames are not encrypted
3. I also noticed that the file permissions of the uploaded files, not just folders are 755. Shouldn't files have 644?

So what does prevent someone logged in user to upload a php script and execute it. What are the security measures of collabtive 2.1.1
matom
 
Posts: 2
Joined: 17.01.2015, 22:13

Return to General

Who is online

Users browsing this forum: No registered users

cron