Oxwall <= 1.8.7 (11111), Motoshub <= 2 (11030) are vulnerable to Incorrect Access Control. Unauthenticated file upload allows an attacker to upload image files.
Write-up (Root Cause Analysis + Technical details + Full Exploit Codes) will be published on my Blog later.
So please update!
Patches
According to the maintainers' claim, they patched this vulnerability for their premium users, but free users need to patch it manually (Please see Workarounds).
Workarounds
Please make these changes to your source code:
Oxwall:
Motoshub:
References
Motoshub
Motoshub/issues/1
Oxwall
For more information
If you have any questions or comments about this advisory:
mir-hossein Analyst
Oxwall <= 1.8.7 (11111), Motoshub <= 2 (11030) are vulnerable to Incorrect Access Control. Unauthenticated file upload allows an attacker to upload image files.
Write-up (Root Cause Analysis + Technical details + Full Exploit Codes) will be published on my Blog later.
So please update!
Patches
According to the maintainers' claim, they patched this vulnerability for their premium users, but free users need to patch it manually (Please see Workarounds).
Workarounds
Please make these changes to your source code:
Oxwall:
Motoshub:
References
Motoshub
Motoshub/issues/1
Oxwall
For more information
If you have any questions or comments about this advisory: