SS-2014-013: Upload fileexists vulnerability
- Low (?)
- Versions Affected:
- Versions Fixed:
- Release Date:
If using the `UploadField` (either on the front-end or the back-end) the `fileexists` method may expose the existence of files outside of the designated upload folder. Using parent path selectors it was possible to determine the existence of files anywhere the web server had read access.
The issue has been resolved by triggering a HTTP error if a filename including a relative path is specified instead of a pathless filename.