Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
bug#0002433: CVE-2014-2328 Unspecified Remote Command Execution Vulne…
…rability

git-svn-id: svn+ssh://repo.cacti.net/var/data/svnroot/cacti/cacti/branches/0.8.8@7442 860744bd-22fc-0310-8c96-e9fe5004b5ca
  • Loading branch information
ronytomen committed Mar 30, 2014
1 parent 0afb31a commit 2105b9e
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
1 change: 1 addition & 0 deletions docs/CHANGELOG
Expand Up @@ -5,6 +5,7 @@ Cacti CHANGELOG
-bug#0002386: cli/upgrade_database.php is missing the last two releases
-bug#0002405: SQL injection in graph_xport.php
-bug#0002390: Poller/script issue with slash and backslash
-bug#0002433: CVE-2014-2328 Unspecified Remote Command Execution Vulnerability
-bug. fix COMMENT handling, even in case COMMENT is empty, with or without HR and with variable substitution
-bug: fix issues when SNMP data holds a "="; "explode" must be treated accordingly
-bug: fix filter highlighting on data sources for the data template field
Expand Down
4 changes: 2 additions & 2 deletions lib/graph_export.php
Expand Up @@ -339,15 +339,15 @@ function export_ftp_ncftpput_execute($stExportDir) {
chdir($stExportDir);

/* set the initial command structure */
$stExecute = 'ncftpput -R -V -r 1 -u '.$aFtpExport['username'].' -p '.$aFtpExport['password'];
$stExecute = 'ncftpput -R -V -r 1 -u ' . cacti_escapeshellarg($aFtpExport['username']) . ' -p ' . cacti_escapeshellarg($aFtpExport['password']);

/* if the user requested passive mode, use it */
if ($aFtpExport['passive']) {
$stExecute .= ' -F ';
}

/* setup the port, server, remote directory and all files */
$stExecute .= ' -P ' . $aFtpExport['port'] . ' ' . $aFtpExport['server'] . ' ' . $aFtpExport['remotedir'] . ".";
$stExecute .= ' -P ' . cacti_escapeshellarg($aFtpExport['port']) . ' ' . cacti_escapeshellarg($aFtpExport['server']) . ' ' . cacti_escapeshellarg($aFtpExport['remotedir']) . ".";

/* run the command */
$iExecuteReturns = 0;
Expand Down

0 comments on commit 2105b9e

Please sign in to comment.