-
Helmut Hummel authored
By having an inverted condition, attackers could upload arbitrary extensions by only knowing the username and the extension key. When knowing a username of a TER admin, it was also possible to perform TER admin commands (like deleting extensions) via SOAP
Helmut Hummel authoredBy having an inverted condition, attackers could upload arbitrary extensions by only knowing the username and the extension key. When knowing a username of a TER admin, it was also possible to perform TER admin commands (like deleting extensions) via SOAP
Loading