Bug #14809
closed
``packet_capture.php`` uses ``count`` and ``length`` values in command execution without validation or encoding
% Done: 100%
Plus Target Version: 23.09
Release Notes: Default
Description
The packet_capture.php page uses the values of count and length when executing tcpdump and it doesn't validate that these parameters are the intended type or encode them before use.
The form type is set to 'number' but that client-side validation does not prevent clients from submitting invalid data.
Due to a lack of escaping on commands in the functions being called, it is possible to execute arbitrary commands with a properly formatted submission value for $_POST['count'] or $_POST['length'].
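A server-side check of the kind this report calls for, as an added example that is not part of the original report and is not pfSense's code or the applied changeset. The function names, numeric limits, interface name and tcpdump path are assumptions.

```php
<?php
// Added illustration, not pfSense code. Function names, limits and the
// tcpdump path are assumptions.

// Return $raw as an int only if it is a plain decimal string within
// [$min, $max]; anything else (signs, spaces, "1e3", shell syntax) is null.
function validate_int_param($raw, int $min, int $max): ?int
{
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return ($value === false) ? null : $value;
}

// Build the tcpdump command line from submitted form data, or return null
// if either value fails server-side validation.
function build_tcpdump_command(array $post, string $iface): ?string
{
    $count  = validate_int_param($post['count']  ?? null, 1, 1000000);
    $length = validate_int_param($post['length'] ?? null, 0, 262144);
    if ($count === null || $length === null) {
        return null;
    }
    // -c: packet count, -s: snapshot length. Every argument is also passed
    // through escapeshellarg() so nothing reaches the shell unquoted.
    $argv = ['/usr/sbin/tcpdump', '-i', $iface,
             '-c', (string)$count, '-s', (string)$length];
    return implode(' ', array_map('escapeshellarg', $argv));
}

// Constructed sample submissions: one valid, two that a type="number"
// input would block in a browser but a crafted POST can still send.
$samples = [
    ['count' => '100',         'length' => '0'],
    ['count' => '100; echo x', 'length' => '0'],
    ['count' => '1e3',         'length' => '-5'],
];
foreach ($samples as $post) {
    $cmd = build_tcpdump_command($post, 'em0');
    echo json_encode($post), ' => ', $cmd ?? 'rejected', PHP_EOL;
}
```

Type validation and argument escaping are applied together here, so a value that somehow passed the integer check would still reach the shell only as a single quoted argument.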
Updated by Jim Pingle about 1 year ago
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
Applied in changeset f72618c4abb61ea6346938d0c93df9078736b775.
Updated by Jim Pingle about 1 year ago
- Target version changed from 2.8.0 to 2.7.1
Updated by Jim Pingle about 1 year ago
- Category changed from Diagnostics to Packet Capture
- Private changed from Yes to No