Bug #6475
Potential command injection vulnerability in auth.inc via system_groupmanager.php
Status: Resolved
Priority: Urgent
Category: User Manager / Privileges
Start date: 06/09/2016
% Done: 0%
Affected Version: 2.3.x
Description
The members[] array in system_groupmanager.php is not properly validated, and is only protected by single quotes in auth.inc when used, which leads to a potential command injection.
Looking elsewhere in auth.inc there are several calls to pw that have parameters in single quotes rather than using escapeshellarg() like they should, so there may be other vectors as well.
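
The difference between wrapping a value in literal single quotes and passing it through escapeshellarg(), as an added example that is not code from auth.inc or from this report. The function names, the exact pw invocation, the sample input and the assumption that member ids are numeric are all constructed for illustration; the commands are only built and printed, never executed.

```php
<?php
// Added illustration: helper names and the pw command line are assumptions,
// not taken from pfSense's auth.inc.

// Weak pattern: the request value is only surrounded by literal single quotes.
function build_groupmod_quoted(string $group, array $members): string
{
    return "/usr/sbin/pw groupmod -n '{$group}' -M '" . implode(',', $members) . "'";
}

// Hardened pattern: validate each member id, then escape every argument.
function build_groupmod_escaped(string $group, array $members): string
{
    foreach ($members as $m) {
        // Assumption: member ids are numeric; reject anything else outright.
        if (!is_string($m) || preg_match('/^\d+$/', $m) !== 1) {
            throw new InvalidArgumentException('member id must be numeric');
        }
    }
    return '/usr/sbin/pw groupmod -n ' . escapeshellarg($group)
         . ' -M ' . escapeshellarg(implode(',', $members));
}

// Constructed input standing in for $_POST['members']; the second element
// carries a single quote and a harmless marker command.
$members = ['2000', "2001'; echo INJECTED; '"];

// 1) Quotes only: the embedded quote ends the shell string early, so a shell
//    would parse "echo INJECTED" as its own command.
echo "quoted : ", build_groupmod_quoted('admins', $members), "\n";

// 2) escapeshellarg() alone: on Unix the embedded quote becomes '\'' and the
//    whole value stays a single argument to pw.
echo "escaped: ", escapeshellarg(implode(',', $members)), "\n";

// 3) Validation plus escaping: the malformed id never reaches a command line.
try {
    echo build_groupmod_escaped('admins', $members), "\n";
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}

// Well-formed input passes validation and is still escaped.
echo "valid  : ", build_groupmod_escaped('admins', ['2000', '2001']), "\n";
```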