PT-2023-31918 · Unknown · Resumable.Php

Williamdes · Published 2023-12-26 · Updated 2024-01-04 · CVE-2023-52086

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: resumable.php versions 0.1.4 through 3c6dbf5

Description: The issue allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. It is noted that file overwrite has not been possible with the code available in GitHub in recent years.

Recommendations: For versions 0.1.4 through 3c6dbf5, consider disabling the upload.php script until a patch is available to prevent arbitrary file uploads. Restrict access to the upload.php endpoint to minimize the risk of exploitation. Avoid using the ../ path traversal in the multipart/form-data content to prevent uploading files to unintended locations.

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2023-52086

Affected Products

Resumable.Php