Description
This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests.
Impact
If exploited, the attacker can overwrite files which could result in denial-of-service by overwriting the database, or even remote code execution.
Patches
The issue has been patched in version 1.4.0. Users are advised to upgrade to this version to resolve the vulnerability.
Credit
Thanks to Hannes Michel and Adam Kornerud for reporting this vulnerability.
Description
This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests.
Impact
If exploited, the attacker can overwrite files which could result in denial-of-service by overwriting the database, or even remote code execution.
Patches
The issue has been patched in version 1.4.0. Users are advised to upgrade to this version to resolve the vulnerability.
Credit
Thanks to Hannes Michel and Adam Kornerud for reporting this vulnerability.