From 742f8b04f233e3cc52bed11f79fcc9911faee776 Mon Sep 17 00:00:00 2001
From: azett
Date: Sat, 17 Dec 2022 14:39:15 +0100
Subject: [PATCH] added SVG to forbidden file types in order to prevent possible XSS - see https://github.com/Nguyen-Trung-Kien/CVE/blob/main/CVE-2022-24588/CVE-2022-24588.pdf
---
 admin/panels/uploader/admin.uploader.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/admin/panels/uploader/admin.uploader.php b/admin/panels/uploader/admin.uploader.php
index eeafcaa6..8febfb67 100755
--- a/admin/panels/uploader/admin.uploader.php
+++ b/admin/panels/uploader/admin.uploader.php
@@ -95,7 +95,8 @@ function onupload() {
 'jsp',
 'htm',
 'html',
- 'wml'
+ 'wml',
+ 'svg'
 );
 
 $imgs = array(
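Review bot: The new `'svg'` entry extends a denylist, so the uploader still accepts every other browser-rendered active-content type that the array does not name; the list starts above line 95, outside this hunk, so whether related types such as `svgz` or `xhtml` are already covered cannot be confirmed from here. The comparison against this array also sits outside the hunk, so it is worth confirming that the extension is normalised first, for example with something like `strtolower(pathinfo($filename, PATHINFO_EXTENSION))`, because otherwise an upper-case `.SVG` would not match the new entry. A more durable fix is an allowlist of the types the uploader is meant to accept, combined with serving the upload directory with `X-Content-Type-Options: nosniff` and `Content-Disposition: attachment` for anything that is not a raster image. At minimum, a comment next to the entry such as `// svg: can embed script and renders same-origin, see CVE-2022-24588` would record why it is on the list.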