SEC-DEFG-0018 PHP wrapper attack

[Luca]

Hello, everybody!

I've searched the forum but didn't found anything about this Defender attack report:
SEC-DEFG-0018
Requested URI:    /components/com_content/plugins/gallery/includes/data:image/png;base64,(...etc...)
when browsing Sample Gallery

Thank you
Gianluca

Elxis 5.3 Rev 2452
PHP 8.1.2-1ubuntu2.9

[datahell]

It seems that you have entered the image as blob (binary) data through the editor and Elxis Defender doesn't like it :-)
For the gallery, create a folder in media/images/, upload your images there, and then go to Gallery plugin and set it to load the images from that folder.

[Luca]

Hey! @Datahell!
Nice to hear you again!
I will try to do as per your suggestion. The fact is that the installation is the one out of the box. Noticing that error while testing...
Luca

[datahell]

Out of the box? Are you sure?
This: /components/com_content/plugins/gallery/includes/data:image/png;base64, doesn't look out of the box. However, I don't know, I haven't seen the site. If I could see it I would be able to tell you something for sure. Follow my recommendation in my previous reply and it will be fine. It doesn't look that important.

[Luca]

Thank you very much for your kindness
Yes. I kept everything as it was and that is the essential part of the message from Defender reporting.
Anyway, as I will go further, I will observe your directions
I could give the address but, for now and until I will be ready for the release, the access to the server is restricted to only few countries
Thank you again!!!
My best
(As always, Great Work you did! I am eager about your Team. Thank you!)