Hello All,
Recently found an email in my inbox from a gentleman named “Sahil”, saying he found a vulnerability with a website. I logged into the admin panel and found that a bunch of small, few-KB images have been added to the uploads.
I do have 2 front-end facing forms, one for candidates to apply for open positions, and a contact form. Both have a file upload. However, no forms have been submitted with these images. I’m assuming someone, perhaps our guy “Sahil”, was sending POST requests directly, bypassing the form?
Anyway, how would I go about preventing this in the future?
Thanks, Viktor.
Packet Tide owns and develops ExpressionEngine. © Packet Tide, All Rights Reserved.