Project

General

Profile

Actions

Bug #6475

closed

Potential command injection vulnerability in auth.inc via system_groupmanager.php

Added by Jim Pingle over 8 years ago. Updated almost 8 years ago.

Status:
Resolved
Priority:
Urgent
Assignee:
Category:
User Manager / Privileges
Target version:
Start date:
06/09/2016
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.3.x
Affected Architecture:

Description

The members[] array in system_groupmanager.php is not properly validated, and is only protected by single quotes in auth.inc when used, which leads to a potential command injection.

Looking elsewhere in auth.inc there are several calls to pw that have parameters in single quotes rather than using escapeshellarg() like they should, so there may be other vectors as well.

Actions

Also available in: Atom PDF