ELabFTW 1.8.5 arbitrary file upload vulnerability

Summary

ELabFTW 1.8.5 has an arbitrary file upload vulnerability that allows low-privileged users or malicious programs to create the contents of arbitrary files on the target host.

Solution

At present, the manufacturer has issued an upgrade patch to fix the vulnerability.

https://www.elabftw.net/