Bug #8153
Updated by Jim Pingle almost 7 years ago
cert_get_publickey() in source:src/etc/inc/certs.inc takes user input and uses it in a shell command without encoding, allowing a user to pass malicious input through system_camanager.php and system_certmanager.php during the import process via the cert and key fields. This requires that the user be logged in and have access to system_camanager.php or system_certmanager.php. Affects 2.3.x in cert_get_modulus(), which uses a similar operation, but only happens in system_certmanager.php when editing an existing CSR.
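
The class of bug described above, shown as an added example that is not pfSense code and not the project's fix: a generic unencoded shell call beside two hardened ways to extract a public key from a submitted certificate. All function names are hypothetical, and the sample certificate is constructed at run time.

```php
<?php
// Added illustration; function names are hypothetical, not from certs.inc.

// Unsafe pattern: PEM text from a form field is interpolated into a shell
// command line, so the shell parses whatever the field contains.
function publickey_unsafe(string $pem): string {
    return (string) shell_exec("echo \"{$pem}\" | openssl x509 -noout -pubkey");
}

// Hardened (1): no shell. PHP's OpenSSL extension parses the PEM in-process;
// anything that is not a certificate is rejected.
function publickey_native(string $pem): ?string {
    $cert = openssl_x509_read($pem);
    if ($cert === false) { return null; }
    $key = openssl_pkey_get_public($cert);
    if ($key === false) { return null; }
    $details = openssl_pkey_get_details($key);
    return $details['key'] ?? null;
}

// Hardened (2): if the openssl binary must be used, start it from an argv
// array (PHP >= 7.4, no shell involved) and send the field on stdin.
function publickey_stdin(string $pem): ?string {
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['file', '/dev/null', 'w']];
    $proc = proc_open(['openssl', 'x509', '-noout', '-pubkey'], $spec, $pipes);
    if (!is_resource($proc)) { return null; }
    fwrite($pipes[0], $pem);
    fclose($pipes[0]);
    $out = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return proc_close($proc) === 0 ? $out : null;
}

// Constructed sample input: a throwaway self-signed certificate.
$pkey = openssl_pkey_new(['private_key_bits' => 2048]);
$csr  = openssl_csr_new(['commonName' => 'example.invalid'], $pkey);
openssl_x509_export(openssl_csr_sign($csr, null, $pkey, 1), $pem);

// Both hardened paths return the same PEM public key for a valid certificate
// and null for a field that is not a certificate.
var_dump(publickey_native($pem) === publickey_stdin($pem));
var_dump(publickey_native('not a certificate'), publickey_stdin('not a certificate'));
```

Where a shell command line cannot be avoided, escapeshellarg() on every user-supplied value is the minimum encoding.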