git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commit

]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/commit

projects / people / pmueller / ipfire-2.x.git / commit

author	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 30 Aug 2018 09:20:06 +0000 (10:20 +0100)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Thu, 13 Sep 2018 14:03:59 +0000 (15:03 +0100)
commit	7f6257e0a475681ff243ead159cafee2e03f6265
tree	0099d66e3c5379c5e52adc609259426396100b68	tree \| snapshot
parent	924b48c7890ef573c1400474ef92951fb9cf3ded	commit \| diff

backup: Sanitise FILE parameter

This parameter was passed to some shell commands without any
sanitisation which allowed an attacker who was authenticated to
the web UI to download arbitrary files from some directories
and delete any file from the filesystem.

References: #11830

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

html/cgi-bin/backup.cgi

diff | blob | blame | history

Peter's tree of IPFire 2.x

RSS Atom