Posted by Simon Waters on Mar 26
Berta CMS is a web based content management system using PHP and local file storage.
Due to use of a 3rd party Berta CMS website to redirect links within a phishing email brought to our attention we
checked the file upload functionality of this software.
We found that the file upload didn’t require authentication.
Images with a “.php” extension could be uploaded, and all that was required is that they pass…