SS-2014-014: Front end UploadField exposes lists of assets
- Severity:
- Low (?)
- Identifier:
- SS-2014-014
- Versions Affected:
- 3.1
- Versions Fixed:
- 3.1.7
- Release Date:
- 2014-11-08
When used on a front-end form, it's possible for an UploadField to be exploited to expose the list of files within an assets subdirectory to users who do not have permission to view those files.
Thanks to Filype Pereira for reporting.
