Arbitrary File Upload Vulnerability in resumable.php (PHP Backend for resumable.js)

Arbitrary File Upload Vulnerability in resumable.php (PHP Backend for resumable.js)

CVE-2023-52086 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. (File overwrite hasn't been possible with the code available in GitHub in recent years, however.)

Learn more about our Cis Benchmark Audit For F5.