Using .php8 in PHP handler leading to RCE

**Describe the bug**
There is no restriction for uploading the file with the .php8 extension. I encountered this situation during penetration testing of a website that uses the elFinder.
In some environments, .php8 can be executed as PHP. Especially, when the PHP is updated from a lower version to 8.x, the .php8 can be added to the .htaccess file for PHP handling like:
```
For PHP 8.0:
AddHandler application/x-httpd-ea-php80 .php .php8 .phtml
```
```
For PHP 8.1:
AddHandler application/x-httpd-ea-php81 .php .php8 .phtml
```

In another case, .php8 can be executed as PHP according to following the Apache configuration.
```
<FilesMatch ".+\.ph(p[7-8]?|tml)$">
    SetHandler application/x-httpd-php
</FilesMatch>
```

**To Reproduce**
Steps to reproduce the behavior:
1. Select arbitrary png file to upload.
2. Capture request with Burp and set content as `test<?php phpinfo();?>`
3. Set filename like `test.php8`
4. After forwarding the request, the file is successfully uploaded under the `files` directory


**Expected behavior**
I think that the `php8` can be added to the `staticMineMap` array in the `elFinderVolumeDriver` class.

**Screenshots**
![1](https://github.com/Studio-42/elFinder/assets/76125965/282e1793-cd54-40ee-89dd-d67e13542976)
![2](https://github.com/Studio-42/elFinder/assets/76125965/1ec5a61b-b297-48f4-87be-51f2c2a31fa7)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Using .php8 in PHP handler leading to RCE #3615

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Using .php8 in PHP handler leading to RCE #3615

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions