CVE-2019-5009 باگ در Vtiger CRM 7.1.0

Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension “php3” in the logo upload field, if the uploaded file is in PNG format and has a size of 150×40. One can put PHP code into the image; PHP code can be executed using “<? ?>” tags, as demonstrated by a CompanyDetailsSave action. This bypasses the bad-file-extensions protection mechanism. It is related to actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php. (CVSS:0.0) (Last Update:2019-01-04)
مدیریت سرور پشتیبانی و مشاوره – ثبت دامنه