Ability to control the filename when uploading a logo or favicon on theming

Nextcloud bugbounty CVE-2023-28833
Christian Angel
When uploading a logo or favicon, the filename can be controlled by the attacker: the request key that identifies the uploaded asset is used as the stored filename, and that key can be modified by the client.

Proof of Concept:

  1. go to http://localhost/settings/admin/theming
  2. upload a logo or favicon
  3. intercept the request using Burp
  4. modify the key
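The root cause above is that a client-controlled key is used directly as a filename. The following is an added illustration (not Nextcloud's code and not part of the original writeup) of the defect beside the fix: the vulnerable resolver joins the key into the path as-is, while the hardened resolver maps the key through a fixed allowlist and additionally verifies that the resolved path stays inside the upload directory. The key names, directory and function names are assumptions made for this example.

```python
import os
from pathlib import Path
from typing import Optional

# Constructed allowlist for this example: the only asset keys the upload
# handler knows about, each mapped to a fixed on-disk name. These names are
# assumptions for illustration and are not Nextcloud's own key list.
ALLOWED_ASSET_KEYS = {
    "logo": "logo",
    "favicon": "favicon",
}


def vulnerable_target_path(upload_dir: str, key: str) -> str:
    """Defective pattern: the client-supplied key becomes the stored filename.

    Whatever the client sends as the key is used verbatim, so the client
    decides what the file on disk is called.
    """
    return os.path.join(upload_dir, key)


def hardened_target_path(upload_dir: str, key: str) -> Optional[str]:
    """Mitigated pattern: the key selects a name from a fixed allowlist.

    Returns the target path for a known key, or None when the key is not one
    the handler accepts. The client never supplies the filename itself.
    """
    stored_name = ALLOWED_ASSET_KEYS.get(key)
    if stored_name is None:
        # Unknown key: reject the upload rather than deriving a name from it.
        return None

    base = Path(upload_dir).resolve()
    target = (base / stored_name).resolve()

    # Defence in depth: even with an allowlisted name, the resolved path must
    # remain a direct child of the upload directory.
    if target.parent != base:
        return None
    return str(target)


if __name__ == "__main__":
    upload_dir = "/var/www/theming"  # assumed directory for the demonstration
    for key in ("logo", "favicon", "custom-name"):
        print(f"{key!r}: vulnerable -> {vulnerable_target_path(upload_dir, key)}")
        print(f"{key!r}: hardened   -> {hardened_target_path(upload_dir, key)}")
```

The allowlist is the actual fix: once the filename is chosen server-side from a fixed set, there is nothing in the request left to tamper with. The parent-directory check is a second, independent guard so that a future mistake in the allowlist values cannot silently widen where files are written.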