Bug #9846

closed

pfBlockerNG log file download/clear lacks validation

Added by Jim Pingle over 4 years ago. Updated over 3 years ago.

Status: Resolved
Priority: Very High
Assignee:
Category: pfBlockerNG
Target version: -
Start date: 10/25/2019
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

The 'logfile' parameter in pfblockerng_log.php is not validated, and allows working on files outside of the expected location.

Due to this lack of validation, arbitrary files can be read or deleted.
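
One way to confine a file-name parameter such as 'logfile' to its expected directory, as an added example that is not pfBlockerNG's code or the fix applied for this bug. The function name `resolve_log_path`, the character allowlist, the temporary directory and the sample files are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example; not pfBlockerNG code. All names here are hypothetical.
function resolve_log_path(string $baseDir, string $requested): ?string
{
    // Accept a bare file name only: no path separators, NUL bytes or dot entries.
    if ($requested === '' || $requested === '.' || $requested === '..'
        || strpos($requested, "\0") !== false
        || $requested !== basename($requested)) {
        return null;
    }
    // Conservative character allowlist (an assumption about valid log names).
    if (!preg_match('/\A[A-Za-z0-9._-]+\z/', $requested)) {
        return null;
    }
    $base = realpath($baseDir);
    $real = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $real === false) {
        return null; // base directory or target file does not exist
    }
    // realpath() resolves symlinks and "..", so a link inside the directory
    // that points elsewhere fails this containment check.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0 || !is_file($real)) {
        return null;
    }
    return $real;
}

// Constructed demo: a temporary directory stands in for the log directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'logdemo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
file_put_contents($dir . '/sample.log', "constructed sample line\n");
symlink('/etc/hosts', $dir . '/link.log'); // constructed symlink leaving the directory

foreach (['sample.log', 'link.log', '../sample.log', '/etc/hosts', 'sample.log/..', ''] as $name) {
    $path = resolve_log_path($dir, $name);
    printf("%-16s => %s\n", var_export($name, true), $path ?? 'refused');
}

unlink($dir . '/link.log');
unlink($dir . '/sample.log');
rmdir($dir);
```

Both the download and the clear handler would operate only on the returned path, never on the raw parameter, and refuse the request when the function returns null.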
