Disable Extension Upload functionality in Admin screen (LEX file)

Description

Hi Team,

As part of ethical hacking scanning in our organization, the team found a vulnerability (File Upload - OS Command Execution) on uploading a web shell script file in the Extensions - Applications functionality of the admin screen (/lucee/admin/web.cfm?action=ext.applications).

Functionality Name: Upload new extension (experimental)

Please let us know: is there any way we can hide/remove that Extension upload functionality?

Need your immediate support in this regard.

Thanks!!

Assignee

Unassigned

Reporter

Senthilkumar

Labels

None

Priority

Critical