Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

even you enable secrity .trusted_dir can be bypassed #486

Closed
xqc2000 opened this issue Sep 5, 2018 · 5 comments
Closed

even you enable secrity .trusted_dir can be bypassed #486

xqc2000 opened this issue Sep 5, 2018 · 5 comments

Comments

@xqc2000
Copy link

xqc2000 commented Sep 5, 2018

if you enable secrity .$trusted_dir is an array of all directories that are considered trusted. Trusted directories are where you keep php scripts that are executed directly from the templates . the attackers can use ../ to bypass the dir ,if they can editing the templates, they read any file they want. just use {include "file:./../../../../../etc/passwd"}
@uwetews
Copy link
Contributor

uwetews commented Sep 6, 2018

This bug has already been fixed in the master branch since 3.1.33-dev-4

@uwetews uwetews closed this as completed Sep 6, 2018
@carnil
Copy link

carnil commented Sep 12, 2018

This issue got CVE-2018-16831 assigned.

@uwetews
Copy link
Contributor

uwetews commented Sep 12, 2018

Version 3.1.33 covering the issue has just been released.

@bh-e
Copy link

bh-e commented Apr 4, 2021

@uwetews , Is this the fix for CVE-2018-16831 87ec44e

@wisskid
Copy link
Contributor

wisskid commented Apr 5, 2021

@bh-e I'd say it's probably f9ca3c6 , so actually 3.1.33-dev-1 instead of 3.1.33-dev-4 but still released as 3.1.33.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@carnil @uwetews @wisskid @bh-e @xqc2000