git.ipfire.org Git - people/ms/ipfire-2.x.git/commit

]> git.ipfire.org Git - people/ms/ipfire-2.x.git/commit

projects / people / ms / ipfire-2.x.git / commit

author	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 30 Aug 2018 09:20:06 +0000 (10:20 +0100)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 30 Aug 2018 09:20:06 +0000 (10:20 +0100)
commit	efafc1080ac5a89248d40df069787643649ad2ff
tree	2b9bb0b7307324a0a884767f14d38199141978c0	tree
parent	fd313a1ae690ce95d91802fea0d94d85da084fd8	commit \| diff

backup: Sanitise FILE parameter

This parameter was passed to some shell commands without any
sanitisation which allowed an attacker who was authenticated to
the web UI to download arbitrary files from some directories
and delete any file from the filesystem.

References: #11830

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

html/cgi-bin/backup.cgi

diff | blob | blame | history

Michael's tree of IPFire 2.x.

RSS Atom