
Double Extension threat on Avatar

Jan 14, 2013 at 7:43 AM
Edited Jan 14, 2013 at 7:44 AM


I'm currently using Piedone Avatar for a site. The security screening detected that this module contains a double extension threat to the site, so I made some minor modifications. If you want to see the modifications, you can look at my blog post here

Glad to help. If you can, please add the code so that others will be informed and safe.

Jan 14, 2013 at 11:03 AM


Thank you! Could you explain what specifically the vulnerability is? Uploading e.g. attack.jpg.exe will be correctly detected as an exe file and prevented from uploading.