Headline
CVE-2022-0926: Update Files.php · microweber/microweber@89200cf
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
Update Files.php
1 parent 077b1e2 commit 89200cfcc2cfefe5554721e7fa3cf52f6a2a9120
Showing with 254 additions and 2 deletions.
- +254 −2 src/MicroweberPackages/Utils/System/Files.php
@@ -834,10 +834,262 @@ function get_dangerous_files_extentions()
'xqt’, // SuperCalc Macro File’,
'xys’, // XYplorer Script File’,
'zl9’, // ZoneAlarm Quarantined EXE File
'swf’, // Flash File
'key’,
'asax’,
'btapp’,
'xd’,
'fwtemplate’,
'crdownload’,
'whtt’,
'ssp’,
'fmp’,
'jspa’,
'obml16’,
'a5w’,
'crt’,
'vrt’,
'website’,
'p7c’,
'dll’,
'php’,
'mjs’,
'dhtml’,
'xul’,
'bml’,
'download’,
'cshtml’,
'vsdisco’,
'codasite’,
'webbookmark’,
'rjs’,
'wsdl’,
'dml’,
'aro’,
'dcr’,
'shtml’,
'dochtml’,
'dwt’,
'spc’,
'a4p’,
'htaccess’,
'ascx’,
'pac’,
'p7b’,
'xhtm’,
'oam’,
'site’,
'kit’,
'aspx’,
'zul’,
'tpl’,
'htm’,
'seam’,
'svr’,
'pem’,
'url’,
'dap’,
'appcache’,
'chm’,
'wbs’,
'htc’,
'ewp’,
'gsp’,
'asr’,
'der’,
'master’,
'stc’,
'ap’,
'html’,
'p12’,
'xpd’,
'fwp’,
'epibrw’,
'strm’,
'xss’,
'node’,
'disco’,
'gsp’,
'pro’,
'rss’,
'gne’,
'sdb’,
'compressed’,
'asp’,
'browser’,
'php2’,
'sites2’,
'dothtml’,
'bok’,
'axd’,
'nzb’,
'vdw’,
'obml’,
'mhtml’,
'ashx’,
'con’,
'rhtml’,
'alx’,
'opml’,
'web’,
'chat’,
'csr’,
'do’,
'sht’,
'asa’,
'cha’,
'h5p’,
'qf’,
'olp’,
'hyperesources’,
'sparkle’,
'razor’,
'php4’,
'cms’,
'mml’,
'jnlp’,
'har’,
'br’,
'webloc’,
'srf’,
'cer’,
'uhtml’,
'pptmhtml’,
'phtml’,
'xbel’,
'cfm’,
'fwtemplateb’,
'jspx’,
'jsp’,
'xfdl’,
'zhtml’,
'stml’,
'jsonl’,
'maff’,
'dbm’,
'aex’,
'crl’,
'mht’,
'wml’,
'sass’,
'xht’,
'awm’,
'page’,
'hdml’,
'webmanifest’,
'itms’,
'sitemap’,
'shtm’,
'wpp’,
'jss’,
'oth’,
'ucf’,
'prf’,
'freeway’,
'edge’,
'iqy’,
'vrml’,
'mvc’,
'wdgt’,
'discomap’,
'psp’,
'hxs’,
'adr’,
'hype’,
'csp’,
'xhtml’,
'webarchive’,
'qbo’,
'jhtml’,
'svc’,
'phtm’,
'rw3’,
'tpl’,
'stl’,
'wbxml’,
'p7’,
'ndjson’,
'ognc’,
'fwtb’,
'muse’,
'vbd’,
'sites’,
'rt’,
'esproj’,
'private’,
'srl’,
'zhtml’,
'vbhtml’,
'hypetemplate’,
'obml15’,
'hypesymbol’,
'pub’,
'ece’,
'mspx’,
'docmhtml’,
'xws’,
'wgp’,
'tvpi’,
'woa’,
'asmx’,
'xbl’,
'webhistory’,
'idc’,
'jws’,
'lbc’,
'att’,
'tvvi’,
'zvz’,
'php3’,
'webarchivexml’,
'widget’,
'swz’,
'qrm’,
'bwp’,
'atom’,
'cdf’,
'map’,
'hdm’,
'php5’,
'rwsw’,
'wgt’,
'nod’,
'rflw’,
'htx’,
'mvr’,
'an’,
'rwp’,
'lasso’,
'vlp’,
'stp’,
'nxg’,
'faces’,
'kcmsf’,
'ptw’,
'less’,
'saveddeck’,
'ccbjs’,
'wn’,
'ppthtml’,
'jcz’,
'jvs’,
'rwtheme’,
'jst’,
'mapx’,
'cpg’,
'wpx’,
'qbx’,
'suck’,
'iwdgt’,
'public’,
'cphd’,
'moz’,
'zfo’,
'stm’,
'fcgi’,
'itpc’,
‘cfml’
);
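Review bot: The extensions appended in this hunk extend a denylist, so any active-content extension that is not enumerated still passes the upload filter; an allowlist of the file types the CMS actually needs to accept would close this class of bypass rather than only the reported instance. The added entries are unsorted and repeat themselves (`'gsp'`, `'tpl'` and `'zhtml'` each appear twice), which makes the list hard to audit for gaps. How callers match against this array is not visible here, so it is worth confirming that the extension is lower-cased and that every dot-separated segment of the filename is checked, and recording that above the array, e.g. `// Denylist only: compare lower-cased, check every dot-separated segment of the name.` The body of get_dangerous_files_extentions() starts and ends outside the hunk.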