Actions
Bug #9846
closedpfBlockerNG log file download/clear lacks validation
Start date:
10/25/2019
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:
Description
The 'logfile' parameter in pfblockerng_log.php is not validated, and allows working on files outside of the expected location.
Due to this lack of validation, arbitrary files can be read or deleted.
Actions