Skip to content

[Misdetection] PHP file misdetected as image when image is injected at the start of the file #468

New issue
New issue
Open
Open
[Misdetection] PHP file misdetected as image when image is injected at the start of the file#468
Labels
misdetectionThis issue is about a misdetection on a content type currently supportedneeds triageThis issue still needs triage by one of the maintainers
@riklaunim

Description

@riklaunim
riklaunim
opened on May 20, 2024

If you take an image file, append PHP code to it (and rename to .PHP) it will be recognized as image. Old PHP code injection vulnerabilities were possible with such files when the code used a bad source of mime type detection.

Example file (PNG icon with phpinfo at the end):
example.zip

Metadata

Metadata

Assignees

No one assigned

    Labels

    misdetectionThis issue is about a misdetection on a content type currently supportedneeds triageThis issue still needs triage by one of the maintainers

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions