CVE-2020-19228: File upload vulnerability · Issue #1242 · bludit/bludit
An issue was found in Bludit v3.13.0: the unsafe implementation of the backup plugin allows attackers to upload arbitrary files.
A secondary authentication is an interesting idea, but how should it work?
I mean, the user has administrator rights.
It doesn’t make sense to use an email link, since the admin can change it to his own one beforehand. An additional password doesn’t help either, since he obviously already figured out the password of the admin account.
A solution would be to look at each single file of the backup archive instead, but that may be horribly slow if the Bludit website has hundreds or thousands of pages and files.
The Backup plugin could also generate a unique signature key and sign all the backup archives with it, using their hashed value. But in this case you need to keep the ‘signature key’ if you need to upload the backup on another website, or if the backup plugin or the signature file respectively gets removed from the Bludit installation itself. (The only benefit would be that the archive can still be manually uploaded to the Bludit website if something like that happened.)
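The two mitigations weighed in the comment above, a per-site signature over each archive and a per-file inspection of the archive before restore, written out as an added PHP example. This is illustration code, not Bludit's backup plugin and not code from the commenter. The function names (`backup_key`, `backup_sign`, `backup_verify`, `backup_inspect`, `backup_restore_allowed`), the key-file location, the top-level directory policy (`databases/`, `uploads/`) and the assumed database-file format (one PHP guard line followed by a JSON document) are assumptions made for the example.

```php
<?php
// Added example, not Bludit's own code: an HMAC tag over the backup archive plus a
// pre-restore scan of the archive. Function names, the key-file location, the
// top-level directory policy and the database-file format check are assumptions.
declare(strict_types=1);

// Per-site signing key, kept outside the web root. It has to travel with the archive
// when a backup is restored on another site, which is the cost the thread points out.
function backup_key(string $keyFile): string
{
    if (is_file($keyFile)) {
        return (string) file_get_contents($keyFile);
    }
    $key = random_bytes(32);
    file_put_contents($keyFile, $key, LOCK_EX);
    chmod($keyFile, 0600);
    return $key;
}

// Tag = HMAC-SHA256 over the whole archive. Store it beside the archive (e.g. a .sig
// file) and refuse to extract anything until it verifies.
function backup_sign(string $zipPath, string $key): string
{
    return hash_hmac_file('sha256', $zipPath, $key);
}

function backup_verify(string $zipPath, string $tagHex, string $key): bool
{
    return hash_equals(backup_sign($zipPath, $key), $tagHex); // constant-time compare
}

// Entry-level scan for archives that carry no tag (uploaded by hand, key lost).
// $policy maps an allowed top-level directory to the file extensions allowed below it.
// Entry names come from the zip central directory, so nothing is extracted here.
function backup_inspect(string $zipPath, array $policy, string $dbGuardLine): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) {
        return ['<archive>: cannot open'];
    }
    $problems = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name  = $zip->getNameIndex($i);
        $parts = explode('/', $name);
        // Absolute paths, backslashes and ".." components would write outside the restore dir.
        if ($name === '' || $name[0] === '/' || strpos($name, '\\') !== false || in_array('..', $parts, true)) {
            $problems[] = "$name: path escapes restore directory";
            continue;
        }
        if (!isset($policy[$parts[0]])) {
            $problems[] = "$name: unexpected top-level directory";
            continue;
        }
        if (substr($name, -1) === '/') {
            continue; // directory entry, nothing to check
        }
        $base = basename($name);
        $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
        // Dotfiles (.htaccess, .user.ini) and unlisted extensions are never restored.
        if ($base[0] === '.' || !in_array($ext, $policy[$parts[0]], true)) {
            $problems[] = "$name: disallowed file type";
            continue;
        }
        // Bludit keeps its databases as .php files, so "no PHP" cannot be the rule there.
        // Assumed format: one guard line followed by a JSON document; anything else is code.
        if ($ext === 'php') {
            $data  = (string) $zip->getFromIndex($i);
            $lines = explode("\n", $data, 2);
            json_decode($lines[1] ?? '', true);
            if (trim($lines[0]) !== $dbGuardLine || json_last_error() !== JSON_ERROR_NONE) {
                $problems[] = "$name: PHP file is not a guard line plus JSON";
            }
        }
    }
    $zip->close();
    return $problems;
}

// Restore gate: a present-but-invalid tag is rejected outright; the entry scan is the
// fallback only for archives that carry no tag at all.
function backup_restore_allowed(string $zipPath, ?string $tagHex, string $key, array $policy, string $guard): bool
{
    if ($tagHex !== null) {
        return backup_verify($zipPath, $tagHex, $key);
    }
    return backup_inspect($zipPath, $policy, $guard) === [];
}

// Assumed policy and guard line for the example.
$policy = [
    'databases' => ['php'],
    'uploads'   => ['jpg', 'jpeg', 'png', 'gif', 'webp', 'pdf'],
];
$guard = "<?php defined('BLUDIT') or die('Bludit CMS.'); ?>";
$key   = backup_key(__DIR__ . '/../backup-signing.key');
$ok    = backup_restore_allowed('/tmp/site-backup.zip', null, $key, $policy, $guard);
```

The cost the comment worries about is smaller than it looks: the HMAC check is a single pass over the archive bytes, and the entry scan reads only the zip central directory, so nothing is extracted before the decision is made. The only entries whose contents are read are the `.php` database files, which are few. What the scheme cannot fix is the point raised at the top of the comment: an attacker who already holds the admin password can also generate a validly signed archive through the plugin itself, so the entry scan is the check that has to hold regardless of the tag.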