There is a File Inclusion attack in the file Piwigo/admin/languages.php
```php
// admin/languages.php, line 34
$page['tab'] = $_GET['tab'];
// ...
// line 46
include(PHPWG_ROOT_PATH . 'admin/languages_' . $page['tab'] . '.php'); // languages_installed.php
```
A user-controlled variable is being sent straight to include(); this should have checks for allowed strings before that.
Thanks,
4b33a0f
use CVE-2016-10085 for this.
fixes #573, check $_GET['tab'] against hacking attempt
8596c7d
git cherry-pick 4b33a0f
plegall
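One way to implement the "checks for allowed strings" the report asks for, as an added example (not code from this issue and not Piwigo's actual fix). The function name `resolve_language_tab` is hypothetical, and only the `installed` tab appears on this page; `update` and `new` are assumed tab names.

```php
<?php
// Added example, not Piwigo's code. Only 'installed' appears in the report;
// 'update' and 'new' are assumed tab names for illustration.
const LANGUAGE_TABS = ['installed', 'update', 'new'];

/**
 * Map a requested tab to the script to include, or null if it is not allowlisted.
 * The returned path is built from the allowlist entry, never from the raw input.
 */
function resolve_language_tab($requested, string $rootPath): ?string
{
    // Query parameters can arrive as arrays (?tab[]=x); accept plain strings only.
    if (!is_string($requested)) {
        return null;
    }
    // Strict comparison: no type juggling, no case folding, no partial match.
    $index = array_search($requested, LANGUAGE_TABS, true);
    if ($index === false) {
        return null;
    }
    return $rootPath . 'admin/languages_' . LANGUAGE_TABS[$index] . '.php';
}

// Constructed inputs: one legitimate value and several that must be rejected.
$samples = [
    'installed',
    '../../somewhere/else',  // path traversal attempt
    "installed\0",           // embedded NUL byte
    'Installed',             // case variant not in the allowlist
    ['installed'],           // array instead of string
    '',                      // empty value
];

foreach ($samples as $tab) {
    $path = resolve_language_tab($tab, './');
    printf("%-28s => %s\n", json_encode($tab, JSON_UNESCAPED_SLASHES), $path ?? 'rejected');
}

// In the admin page the caller stops before include() when null comes back:
//   $script = resolve_language_tab($_GET['tab'] ?? 'installed', PHPWG_ROOT_PATH);
//   if ($script === null) { http_response_code(400); exit; }
//   include $script;
```

Only the first sample resolves to a path (`./admin/languages_installed.php`); every other input prints `rejected`.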