Larry W. Cashdollar

I agree. This bug also causes file transfers over ssh to be truncated if they are large regardless of the file transfer still occurring.

You'd need to modify the code to either store uploaded files in a path not in the web root or filter what types of files are allowed to be uploaded.

I'd make the uploadDir /var/tmp

bscript's above exploit will work to test from the Linux command line.

My exploit looked like this: $ curl -vk http://localhost/php-uploader/examples/upload.php -F "[email protected]" * Trying ::1... * TCP_NODELAY set * Connected to localhost (::1) port 80 (#0) > POST /php-uploader/examples/upload.php HTTP/1.1 >...

I'm going to assign a CVEid of CVE-2022-40721 to track this.

It depends on how corrupted it is. Do you have a sample of the binary?