CVE-2019-25471

Name of the Vulnerable Software and Affected Versions FileThingie version 2.5.7

Description The software contains an arbitrary file upload issue that allows attackers to upload malicious files. This is achieved by sending ZIP archives through the 'ft2.php' endpoint. Attackers can upload ZIP files containing PHP shells, utilize the unzip functionality to extract them into accessible directories, and then execute arbitrary commands through the extracted PHP files. The vulnerable parameter is the file uploaded to the 'ft2.php' endpoint.

Recommendations Apply a fix for FileThingie version 2.5.7.