Early Bird Registration for DrupalCon Portland 2024 is open! Register by 23:59 PST on 31 March 2024, to get $100 off your ticket.
Anyone can acces to http://yourserver.com/imce/browse
if the user is not autenticated the directory u0 is created (by default), and anyone can upload & execute to your server a file called "myprogram.jpg.php".
Comments
Comment #1
ufku CreditAttribution: ufku commentedyou need to check your access permissions.
this is possible only if you give 'view/upload access' to anonymous users. and no one can upload php files unless you define .php for allowed non-image file extensions.
after you confirm please feel free to close this issue.
Comment #2
nachete CreditAttribution: nachete commentedthanx for all ;)