Hello,
There is a File Inclusion attack in the file Piwigo/admin/batch_manager.php
It does:
The user-controlled variable $page['tab'] is being sent to an include() without any checks. This makes file inclusion attacks possible. In older PHP versions, using a null-byte attack, code execution is also possible.
Fix: put an array of allowed strings.
Thanks,
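The allowlist fix suggested in the report, sketched as an added example (not code from the report or from Piwigo). The function name `resolve_tab_file`, the tab names, the file names and the `tabs` directory are all hypothetical.

```php
<?php
// Added illustration; tab names and directory layout are hypothetical,
// not taken from Piwigo's source.

/**
 * Map a request-supplied tab name to a file that may be included.
 * Returns null when the name is not on the allowlist.
 */
function resolve_tab_file($tab, $baseDir)
{
    // Allowlist: the keys are the only values accepted from the request,
    // and the included file name comes from this table, never from input.
    static $allowed = array(
        'global' => 'tab_global.php',   // hypothetical
        'unit'   => 'tab_unit.php',     // hypothetical
    );

    // Reject non-strings (e.g. ?tab[]=x) and any string that is not an
    // exact key. Exact matching also rejects path separators and
    // embedded null bytes, so no separate sanitising step is needed.
    if (!is_string($tab) || !array_key_exists($tab, $allowed)) {
        return null;
    }
    return rtrim($baseDir, '/') . '/' . $allowed[$tab];
}

// Constructed sample inputs: one valid tab, then a traversal string,
// a null-byte suffix and an array value.
$samples = array('unit', '../../config', "unit\0.jpg", array('unit'));
foreach ($samples as $input) {
    $file = resolve_tab_file($input, __DIR__ . '/tabs');
    printf(
        "%-22s => %s\n",
        json_encode($input, JSON_UNESCAPED_SLASHES),
        $file === null ? 'rejected' : $file
    );
    // A caller would include $file only when it is not null, and
    // otherwise fall back to a default tab or stop with an error.
}
```

Only the first sample resolves to a path; the other three print `rejected`.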