CVE-2023-29770 Information

Description

In Sentrifugo 3.5 the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering.

Reference

https://github.com/sapplica/sentrifugo/issues/384 https://github.com/sapplica/sentrifugo