Bug #9846

pfBlockerNG log file download/clear lacks validation

Added by Jim Pingle 9 months ago. Updated 8 months ago.

Status: Feedback
Priority: Very High
Assignee:
Category: pfBlockerNG
Target version: -
Start date: 10/25/2019
Due date:
% Done: 0%
Estimated time:
Affected Version:
Affected Architecture:

Description

The 'logfile' parameter in pfblockerng_log.php is not validated, and allows working on files outside of the expected location.

Due to this lack of validation, arbitrary files can be read or deleted.

History

#2 Updated by Jim Pingle 8 months ago

  • Private changed from Yes to No
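
One way to validate a file-name parameter such as 'logfile' before a handler reads or deletes the file, shown as an added example that is not pfBlockerNG's code or the fix applied for this bug. The function name `resolve_log_path`, the temporary demo directory and the sample names are assumptions made for illustration.

```php
<?php
// Added example, not pfBlockerNG code. $logDir and the file names are
// constructed placeholders; the package's real paths are not on this page.

/**
 * Resolve a user-supplied log file name to a path inside $logDir,
 * or return null when the request points anywhere else.
 */
function resolve_log_path(string $logDir, string $requested): ?string
{
    // Allow-list: a bare file name ending in .log. Slashes, backslashes,
    // NUL bytes and empty names all fail this pattern.
    if (!preg_match('/\A[A-Za-z0-9_.-]+\.log\z/', $requested)) {
        return null;
    }
    $base = realpath($logDir);
    if ($base === false) {
        return null;
    }
    // realpath() follows symlinks, so a link planted inside the log
    // directory that points elsewhere fails the containment test below.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $full;
}

// Constructed demo: a temporary directory stands in for the log location.
$logDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_logs_' . getmypid();
mkdir($logDir);
file_put_contents($logDir . DIRECTORY_SEPARATOR . 'error.log', "sample\n");

$samples = ['error.log', '../outside.log', '/absolute/path.log', 'missing.log', ''];
foreach ($samples as $name) {
    $path = resolve_log_path($logDir, $name);
    printf("%-22s => %s\n", var_export($name, true), $path ?? 'rejected');
}

unlink($logDir . DIRECTORY_SEPARATOR . 'error.log');
rmdir($logDir);
```

Both the download and the clear action should call the same resolver and act only on the path it returns, never on the raw request value.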