Validation and Sanitization of the uploaded songs
1.Vulnerability
The code in LaguController.php handles file uploads (audio and image files) but doesn't appear to validate or sanitize the file names or check the file types, which can lead to security issues.
2.Exploit
- Path Traversal Attacks
- Uploading of Malicious Files
3.Fix
The fix was implemented in following commit: ee1b10b5
Edited by Octave Duvivier