|Security Advisory Date||September 15, 2021|
|Vulnerability Type||Remote Code Execution|
Medium, because upload of most potentially harmful file types are already blocked by FileCloud, and attackers must gain unauthorized access to the system.
|Versions affected||All versions of FileCloud prior to 188.8.131.5260.|
|Version fixed||FileCloud Version 184.108.40.20660.|
Attackers with unauthorized admin privileges in FileCloud may have the ability to remotely access and control the FileCloud server, its databases, and its files by uploading files with .phtml and .phar extensions.
The latest version of FileCloud fixes this by prohibiting upload of .phtml and .phar files
This has been fixed in FileCloud version 220.127.116.1160, which blocks upload of .phtml and .phar files.
What you should do
If you have any questions about this advisory, please contact FileCloud support.