Ukcms · Ukcms · CVE-2018-14911
**Name of the Vulnerable Software and Affected Versions**
ukcms versions 1.1.7 and earlier
**Description**
A file upload issue exists due to insufficient filtering of the uploaded file type. An attacker can exploit it by uploading a script Trojan to the `admin.php/admin/configset/index/group/upload.html` endpoint to gain control of the server. The attacker first composes a request for a `.txt` upload and then modifies it into a `.php` upload. The attacker must have admin access to alter the `upload file ext` setting, also known as "Allow upload file suffix", and sets it to "php,php" to bypass the "php" restriction.
**Recommendations**
For ukcms versions 1.1.7 and earlier, as a temporary workaround, consider restricting access to the `admin.php/admin/configset/index/group/upload.html` endpoint until a patch is available. Additionally, restrict the use of the `upload file ext` setting to prevent bypassing the "php" restriction.
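One way to enforce the restriction on the `upload file ext` setting server-side, shown as an added example that is not ukcms code: each comma-separated token is judged on its own, so "php,php" is refused for the same reason as "php", and the received file name is checked again at upload time. The function names, the constant and the list of executable extensions are assumptions.

```php
<?php
// Added example, not ukcms code: function and constant names are hypothetical.
// Assumed list of extensions a PHP-capable web server may pass to the interpreter.
const EXECUTABLE_EXTS = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'pht', 'phar', 'phps'];

// Turn the comma-separated setting into a clean allowlist, judging each token on its own.
function parse_allowed_exts(string $setting): array
{
    $allowed = [];
    foreach (explode(',', $setting) as $token) {
        $ext = strtolower(ltrim(trim($token), '.'));
        if ($ext === '') {
            continue; // ignore empty tokens such as a trailing comma
        }
        if (!preg_match('/^[a-z0-9]{1,10}$/', $ext)) {
            throw new InvalidArgumentException("malformed extension: {$token}");
        }
        if (in_array($ext, EXECUTABLE_EXTS, true)) {
            throw new InvalidArgumentException("executable extension refused: {$ext}");
        }
        if (!in_array($ext, $allowed, true)) {
            $allowed[] = $ext; // drop duplicates
        }
    }
    return $allowed;
}

// Decide on the file name the server actually received, not on what the form first proposed.
function is_upload_allowed(string $filename, array $allowed): bool
{
    if (strpos($filename, "\0") !== false) {
        return false; // embedded NUL byte
    }
    $parts = explode('.', strtolower(basename(str_replace('\\', '/', $filename))));
    array_shift($parts); // what remains are the extension parts
    if ($parts === [] || array_intersect($parts, EXECUTABLE_EXTS) !== []) {
        return false; // no extension, or an executable one anywhere ("x.php.txt")
    }
    return in_array(end($parts), $allowed, true);
}

// Constructed sample values.
foreach (['jpg,png,txt', 'php,php', 'jpg, .PHP'] as $setting) {
    try {
        echo "{$setting} => accepted: ", implode(',', parse_allowed_exts($setting)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo "{$setting} => rejected: ", $e->getMessage(), PHP_EOL;
    }
}
foreach (['notes.txt', 'shell.php', 'x.php.txt', 'README'] as $name) {
    echo $name, ' => ', is_upload_allowed($name, ['jpg', 'png', 'txt']) ? 'allow' : 'deny', PHP_EOL;
}
```

Because `is_upload_allowed` applies the executable-extension check independently of the stored allowlist, an already-altered setting does not by itself let a `.php` file through.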