Authenticated Unrestricted File Deletion #1212

Open
prodigysml opened this issue Jul 23, 2018 · 8 comments
Labels
Web Security White Hat Reports, Cross Site SQL Injection, etc


@prodigysml

The Issue

Unrestricted file deletion vulnerabilities are caused by overly trusting a user's input and allowing the user to manipulate the path of the file to be deleted. This may allow an attacker to create a denial of service scenario.

An attacker must be authenticated to perform this attack.

Where the Issue Occurred

The following code snippet displays the usage of the unlink function in PHP within the lh-ehr application:

unlink($_POST['docid']);

@tmccormi tmccormi added the Web Security White Hat Reports, Cross Site SQL Injection, etc label Sep 5, 2018
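
One way to constrain the `unlink` call reported above, shown as an added example that is not part of the issue thread or the lh-ehr code base. The function name `delete_within` and the `templates` directory layout are assumptions made for illustration, and the files are constructed in a temporary directory.

```php
<?php
// Added example, not lh-ehr code. delete_within() and the directory
// layout below are hypothetical names chosen for this illustration.
declare(strict_types=1);

function delete_within(string $baseDir, string $userPath): bool
{
    // Null bytes make PHP 8 filesystem functions throw; reject them up front.
    if ($userPath === '' || strpos($userPath, "\0") !== false) {
        return false;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return false; // base directory is missing
    }
    // Interpret the input relative to the base, then resolve "..", "." and symlinks.
    $real = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($real === false) {
        return false; // target does not exist
    }
    // The resolved path must still sit below the base directory.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    // Only regular files are deleted; directories are refused.
    return is_file($real) && unlink($real);
}

// Constructed demo layout: <tmp>/demo_xxxx/templates/a.tpl and <tmp>/demo_xxxx/config.php
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_' . bin2hex(random_bytes(4));
mkdir($root . '/templates', 0700, true);
file_put_contents($root . '/templates/a.tpl', 'template');
file_put_contents($root . '/config.php', 'config');

var_dump(delete_within($root . '/templates', 'a.tpl'));               // file inside the base
var_dump(delete_within($root . '/templates', '../config.php'));       // relative path leaving the base
var_dump(delete_within($root . '/templates', $root . '/config.php')); // absolute path outside the base
var_dump(file_exists($root . '/config.php'));                         // file outside the base afterwards

// Clean up the constructed files.
unlink($root . '/config.php');
rmdir($root . '/templates');
rmdir($root);
```

The containment check does not replace an authorization check on which records the authenticated user may delete, and the target can still change between `realpath` and `unlink`; mapping a server-side document ID to a stored path avoids passing a path from the request at all.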
@prondubuisi
Contributor

Hello @aethelwulffe, how can I navigate to the option to upload or delete a template in the Librehealth application?

@aethelwulffe
Contributor

aethelwulffe commented Feb 1, 2019 via email

@prondubuisi
Contributor

@aethelwulffe I have tried seeing the upload, delete, save template, but the navigation I got doesn't seem to do that. Can you please check again?
import template

@aethelwulffe
Contributor

I would need to figure out what, if anything, the feature still does. Might be relevant to printing labels for pill or sample bottles or something still.
-We sort of lost Terry, who was the primary guru for a large number of features.
I will try to get to figuring it all out (unless you can tell me what feature it is you are trying to affect with the template). I need to get the Spanish translations posted first though.

@prondubuisi
Contributor

I am looking to solve this issue, but I can't do that unless I know how to trigger it. This particular feature has lots of issues related to it, though.

@NicoleG25

Hi, do you plan to address this vulnerability? :)
Note that it appears CVE-2018-1000647 was assigned.

@MathurinNkenfack
Contributor

Hi, I am still looking for where to simulate this issue, but it seems this functionality is not used.

@Falence

Falence commented Mar 30, 2020

Hello, I would love to work on this.


7 participants