Project

General

Profile

Bug #8153

Updated by Jim Pingle about 6 years ago

cert_get_publickey() in source:src/etc/inc/certs.inc takes user input and uses it in a shell command without encoding, allowing a user to pass malicious input through system_camanager.php and system_certmanager.php during the import process via the cert and key fields. 

 This requires that the user be logged in and have access to system_camanager.php or system_certmanager.php 

 Affects 2.3.x in cert_get_modulus() which uses a similar operation, but only happens in system_certmanager.php when editing an existing CSR. operation.

Back