pfBlockerNG log file download/clear lacks validation
The 'logfile' parameter in pfblockerng_log.php is not validated, and allows working on files outside of the expected location.
Due to this lack of validation, arbitrary files can be read or deleted.
#1 Updated by Jim Pingle 9 months ago
- Status changed from New to Feedback