Description: The system fails to properly validate the contents of .zip or .rar plugin packages during the administrative "Install Plugin" process, allowing an attacker to upload a web shell.

Technical Analysis (53849.rar): Because the extraction path is predictable, the attacker can access the web shell directly via a URL like: http://[target-domain]/addons/[plugin_name]/shell.php

Impact: An attacker with access to the administrative plugin installer can place a web shell on the server and reach it over HTTP.

Mitigations:
- Implement Web Application Firewall rules to block the upload of archives containing .php files in the plugin management path.
- If possible, disable the online plugin installation feature in config.php and manage plugins via manual file transfer or CLI.
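A server-side validator in the spirit of the first mitigation, added here as an example and not code from the affected product: it inspects an uploaded plugin zip's member list before anything is extracted and rejects server-executable files, path traversal and symlinks. It handles zip only, since Python's standard library has no RAR reader; the deny-list and helper names are this example's own assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Deny-list of names a PHP web server would execute or honour if they landed in
# the document root (constructed for this example; an allow-list of the file
# types a plugin legitimately needs is stronger where the plugin format permits it).
FORBIDDEN_SUFFIXES = (".php", ".phtml", ".php3", ".php5", ".phar")
FORBIDDEN_NAMES = (".htaccess", ".user.ini")
SYMLINK_MODE = 0o120000


def validate_plugin_archive(data: bytes) -> list[str]:
    """Inspect an uploaded plugin zip and return the reasons it must be rejected.

    An empty list means the archive passed every check. Nothing is extracted;
    only the central-directory metadata is examined.
    """
    problems: list[str] = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a valid zip archive"]
    with archive:
        for info in archive.infolist():
            name = info.filename
            path = PurePosixPath(name.replace("\\", "/"))
            # Zip Slip: absolute paths or '..' components escape the addons directory.
            if path.is_absolute() or ".." in path.parts:
                problems.append(f"path traversal: {name}")
            # A symlink could point the web root at arbitrary files after extraction.
            if (info.external_attr >> 16) & 0o170000 == SYMLINK_MODE:
                problems.append(f"symbolic link: {name}")
            lowered = path.name.lower()
            # Catch 'shell.php' as well as 'shell.php.jpg' style double extensions.
            if lowered.endswith(FORBIDDEN_SUFFIXES) or any(f"{s}." in lowered for s in FORBIDDEN_SUFFIXES):
                problems.append(f"server-executable file: {name}")
            if lowered in FORBIDDEN_NAMES:
                problems.append(f"server configuration file: {name}")
    return problems


def build_sample_zip(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {member name: content} (constructed test input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in entries.items():
            archive.writestr(name, content)
    return buf.getvalue()
```

Run the validator on the upload before the installer calls any extraction routine, and log the returned reasons so rejected uploads show up in the administrative audit trail.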