File Chooser Field - Moderately critical - Server Side Request Forgery, Information Disclosure - SA-CONTRIB-2023-015

Project: File Chooser FieldDate: 2023-May-17Security risk: Moderately critical 14∕25 AC:Basic/A:User/CI:Some/II:None/E:Exploit/TD:AllVulnerability: Server Side Request Forgery, Information DisclosureDescription: The File Chooser Field allows users to upload files using 3rd party plugins such as Google Drive and Dropbox.
This module fails to validate user input sufficiently which could under certain circumstances lead to a Server Side Request Forgery (SSRF) vulnerability leading to Information Disclosure. In uncommon configurations and scenarios, it might lead to Remote Code Execution.Solution: 

Reported By: 

Fixed By: 

Coordinated By: 

Path to article