Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authenticated Unrestricted File Write in import_template.php #1211

Open
prodigysml opened this issue Jul 23, 2018 · 4 comments
Open

Authenticated Unrestricted File Write in import_template.php #1211

prodigysml opened this issue Jul 23, 2018 · 4 comments
Labels
Web Security White Hat Reports, Cross Site SQL Injection, etc

Comments

@prodigysml
Copy link

prodigysml commented Jul 23, 2018

The Issue

Unrestricted file write vulnerabilities allow attackers to write file such as PHP files, in locations where the web server user has access to write. This may allow an attacker to write files with malicious content and may lead to remote code execution.

An attacker must be authenticated to perform this attack.

Where the Issue Occurred

The following code snippet displays the usage of the file_put_contents function in PHP within the lh-ehr application:

file_put_contents($_POST['docid'], $_POST['content']);

@tmccormi tmccormi added the Web Security White Hat Reports, Cross Site SQL Injection, etc label Sep 5, 2018
@NicoleG25
Copy link

NicoleG25 commented Jan 8, 2020

Hi, do you plan to address this vulnerability? :)
Note that it appears CVE-2018-1000646 was assigned to this issue.

@prondubuisi
Copy link
Contributor

Hi, do you plan to address this vulnerability? :)
Note that it appears CVE-20k18-1000646 was assigned to this issue.

How does this assignment work?

@NicoleG25
Copy link

Hi, do you plan to address this vulnerability? :)
Note that it appears CVE-20k18-1000646 was assigned to this issue.

How does this assignment work?

Hi, I'm not quite sure I understand your question but nevertheless here is an explanation about CVE'S.
Was this what you were referring to ?

@wisdommatt
Copy link

From my end i found out that the file that writes

The Issue

Unrestricted file write vulnerabilities allow attackers to write file such as PHP files, in locations where the web server user has access to write. This may allow an attacker to write files with malicious content and may lead to remote code execution.

An attacker must be authenticated to perform this attack.

Where the Issue Occurred

The following code snippet displays the usage of the file_put_contents function in PHP within the lh-ehr application:

file_put_contents($_POST['docid'], $_POST['content']);

**This vulnerability has already been fixed --- the file for fetching local files is now manage_site_files.php --- check manage_site_files.php on line 46 // Sanity check to prevent evildoing. if (!in_array($form_filename, $my_files)) $form_filename = '';**

A check has already been made for files a user can write

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Web Security White Hat Reports, Cross Site SQL Injection, etc
Projects
None yet
Development

No branches or pull requests

5 participants