Mindoc · Mindoc · CVE-2018-19114
**Name of the Vulnerable Software and Affected Versions**
MinDoc versions prior to 1.0.3
**Description**
An issue allows attackers to gain privileges by uploading an image file with specific contents that represent an admin session. The attacker can then send a Cookie header with a `mindoc_id` value containing the relative pathname of the uploaded file. This can be achieved by manipulating the `mindoc_id` to include a pathname such as `aa/../../uploads/blog/201811/attach_#.jpg`, where `#` is a hex value displayed in the upload field of a manage/blogs/edit screen.
**Recommendations**
For MinDoc versions prior to 1.0.3, update to version 1.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the image upload feature and validating the `mindoc_id` values to prevent malicious path manipulation. Avoid using the `mindoc_id` parameter in the affected API endpoint until the issue is resolved.
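
An added example, not code from MinDoc or its session library, of the session ID validation suggested above: the unchecked path join beside a version that accepts only well-formed IDs and confirms the result stays inside the session directory. The function names, the directory `/srv/mindoc/sessions`, the flat one-file-per-session layout and the 32-hex-character ID format are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Assumption: the server only ever issues 32-character lowercase hex session IDs.
var validSID = regexp.MustCompile(`^[0-9a-f]{32}$`)

var ErrBadSessionID = errors.New("rejected session id")

// unsafeSessionPath shows the flawed pattern: the cookie value is joined into
// the path unchecked, so "../" segments resolve outside the session store.
func unsafeSessionPath(storeDir, sid string) string {
	return filepath.Join(storeDir, sid)
}

// safeSessionPath allowlists the ID format first, then verifies that the
// resolved path is still contained in storeDir (defence in depth).
func safeSessionPath(storeDir, sid string) (string, error) {
	if !validSID.MatchString(sid) {
		return "", ErrBadSessionID
	}
	base := filepath.Clean(storeDir)
	p := filepath.Join(base, sid)
	rel, err := filepath.Rel(base, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrBadSessionID
	}
	return p, nil
}

func main() {
	store := "/srv/mindoc/sessions" // constructed path, not MinDoc's real layout
	for _, sid := range []string{
		"0123456789abcdef0123456789abcdef",          // constructed well-formed ID
		"aa/../../uploads/blog/201811/attach_#.jpg", // pathname shape quoted in the advisory
	} {
		p, err := safeSessionPath(store, sid)
		fmt.Printf("sid=%q\n  unchecked=%s\n  checked=%q err=%v\n", sid, unsafeSessionPath(store, sid), p, err)
	}
}
```

The same allowlist check belongs wherever the cookie value is first read, before it reaches any file, cache or database lookup.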