Anyone can access http://yourserver.com/imce/browse
If the user is not authenticated, the directory u0 is created (by default), and anyone can upload to your server and execute a file called "myprogram.jpg.php".
Comments
Comment #1
ufku commented:
You need to check your access permissions.
This is possible only if you give 'view/upload access' to anonymous users, and no one can upload PHP files unless you define .php for allowed non-image file extensions.
After you confirm, please feel free to close this issue.
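
The extension check this comment describes, as an added example that is not IMCE's code and not part of the original thread. The function name and the list of executable extensions are assumptions; the check goes slightly beyond the thread's case by also rejecting names with an executable inner segment such as `.php.jpg`.

```php
<?php
// Added illustration; hypothetical names, not IMCE's implementation.

// Extensions a web server might hand to an interpreter (assumed list).
const EXECUTABLE_EXTENSIONS = ['php', 'phtml', 'php3', 'php4', 'php5', 'phar', 'pl', 'py', 'cgi'];

/**
 * Decide whether a client-supplied upload name is acceptable.
 *
 * @param string   $filename Name sent by the client, e.g. "myprogram.jpg.php".
 * @param string[] $allowed  Allowed extensions for the profile, without dots.
 */
function upload_name_allowed(string $filename, array $allowed): bool
{
    // Drop any path component, then trailing dots and whitespace.
    $name = rtrim(basename(str_replace('\\', '/', $filename)), ". \t");
    $parts = explode('.', strtolower($name));
    if (count($parts) < 2 || $parts[0] === '') {
        return false; // no extension, or a dotfile such as ".htaccess"
    }
    $allowed = array_map('strtolower', $allowed);

    // The final extension decides how the file is served, so it must be allowed.
    $final = array_pop($parts);
    if (!in_array($final, $allowed, true)) {
        return false;
    }

    // Inner segments: refuse executable ones that were not explicitly allowed.
    array_shift($parts); // discard the base name
    foreach ($parts as $segment) {
        if (in_array($segment, EXECUTABLE_EXTENSIONS, true) && !in_array($segment, $allowed, true)) {
            return false;
        }
    }
    return true;
}

// Constructed sample names checked against an image-only profile.
$images = ['jpg', 'jpeg', 'png', 'gif'];
foreach (['photo.JPG', 'myprogram.jpg.php', 'myprogram.php.jpg', '.htaccess'] as $n) {
    printf("%-20s %s\n", $n, upload_name_allowed($n, $images) ? 'accept' : 'reject');
}

// The same name against a profile that lists php, the setup the comment warns about.
var_dump(upload_name_allowed('myprogram.jpg.php', array_merge($images, ['php'])));
```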
Comment #2
nachete commented:
Thanks for all ;)