Description
phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the complete JSON-encoded result set in an inline script block, exposing uploader IP addresses, Argon2ID key hashes, internal filenames, and SHA-256 fingerprints.
Problem types
Exposure of Private Personal Information to an Unauthorized Actor
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Product status
Any version before 2.0.2
Credits
@rayyb0t (https://github.com/rayyb0t)
VulnCheck
References
github.com/shimosyan/phpUploader/releases/tag/v2.0.2 (Release Notes)
github.com/shimosyan/phpUploader/pull/294 (Pull Request)
github.com/...ommit/45dc4f1c9a2de5ade427deebad0148834c0e8c50 (Patch Commit)
www.vulncheck.com/...cated-database-exposure-via-index-model