Actions
Bug #6474
closed
Command injection vulnerability in pkg_mgr_install.php, id parameter
Start date:
06/09/2016
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.3.x
Affected Architecture:
Description
Command injection is possible using the id parameter on pkg_mgr_install.php
http://ip/pkg_mgr_install.php?id=firmware`/path/to/some/command`
Renato fixed it yesterday, adding this for tracking purposes.
Updated by
Actions