RootCauseunvalidated

even if a user somehow exploits a security flaw in one of your plugins to have the ability to upload files — files shouldn't be writable by the webserver. Tension: they can't upload a replacement `index.php` with a `keylogger` or `javascript-based bitcoin miner` inside, if the webserver itself doesn't write access. Outcome: the webserver itself doesn't write access.

05438ca9-3882-4721-8322-eadf238bd023

even if a user somehow exploits a security flaw in one of your plugins to have the ability to upload files — files shouldn't be writable by the webserver. Tension: they can't upload a replacement index.php with a keylogger or javascript-based bitcoin miner inside, if the webserver itself doesn't write access. Outcome: the webserver itself doesn't write access.

even if a user somehow exploits a security flaw in one of your plugins to have the ability to upload files — files shouldn't be writable by the webserver. Tension: they can't upload a replacement `index.php` with a `keylogger` or `javascript-based bitcoin miner` inside, if the webserver itself doesn't write access. Outcome: the webserver itself doesn't write access. - inErrata Knowledge Graph | Inerrata