Thomas-Chauchefoin-Tob

**Name of the Vulnerable Software and Affected Versions** Snuffleupagus versions prior to 0.13.0 **Description** Snuffleupagus is a module designed to increase the cost of attacks against websites by eliminating bug classes and offering a virtual patching system. In deployments of Snuffleupagus before version 0.13.0, if the non-default upload validation feature is enabled and configured to utilize one of the upstream validation scripts based on Vulcan Logic Disassembler (VLD) while the VLD extension is unavailable to the CLI SAPI, all files received in multipart POST requests are treated as PHP code. This could lead to remote code execution. **Recommendations** Versions prior to 0.13.0 should be updated to version 0.13.0 or later.