
CMS PaaS (Content Management System)


1 result found

  1. The file upload used in the [Import Data] feature in the Settings interface does not limit the file extensions to .episerverdata only. Other file extensions can be uploaded (including files in a zipped file), which may pose a security threat to the platform. Specifically, when uploading a zipped antivirus test file, the system will display <Import successful>.
    Allowing an undesirable or malicious file to reside on a system—even if it is not immediately executed or processed—constitutes a security vulnerability in itself. "Unrestricted upload of file with dangerous type" is formally documented as a common weakness under CWE-434, highlighting that simply permitting…

    1 vote
