Arbitrary file download vulnerability #1214

Closed
NULLB8 opened this issue Jun 23, 2020 · 1 comment
NULLB8 commented Jun 23, 2020

problem

Hi, the problem is in the backup plugin: the $file parameter is not filtered, resulting in arbitrary file downloads.

recurrent

image

repair

https://github.com/bludit/bludit/blob/e3abd64fe47350c7de8d51fe02342e6af3b2944e/bl-plugins/backup/plugin.php#L97
Filter $file parameter

ghost commented Jun 23, 2020

Hi, thanks for the report. I have made a pull request - #1215

Just a note, this can only be "exploited" by a logged-in admin.

dignajar added a commit that referenced this issue Jun 23, 2020
Fix #1214 Arbitrary file download vulnerability
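
One way to filter a user-supplied file name before serving a download, as an added example that is not part of this thread and is not Bludit's code or the change made in #1215. The function name `resolveBackupPath`, the directory layout and the file names are assumptions constructed for the demonstration.

```php
<?php
// Hypothetical helper (added example, not Bludit's code): map a user-supplied
// backup name to a real path inside $backupDir, or null if it would escape it.
function resolveBackupPath(string $backupDir, string $file): ?string
{
    $base = realpath($backupDir);
    if ($base === false || $file === '' || strpos($file, "\0") !== false) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks; it returns false if nothing exists there.
    $target = realpath($base . DIRECTORY_SEPARATOR . $file);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Trailing separator so that "backups-old" is not accepted as being under "backups".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed sample layout in a temporary directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'backup-demo-' . bin2hex(random_bytes(4));
$files = ['/backups/2020-06-23.zip', '/backups-old/old.zip', '/config.php'];
mkdir($root . '/backups', 0700, true);
mkdir($root . '/backups-old', 0700, true);
foreach ($files as $f) {
    file_put_contents($root . $f, 'constructed');
}

// Requested name => whether the download should be allowed.
$cases = [
    '2020-06-23.zip'         => true,   // file inside the backup directory
    '../config.php'          => false,  // resolves to the parent directory
    '../backups-old/old.zip' => false,  // sibling directory sharing the name prefix
    $root . '/config.php'    => false,  // absolute path supplied as the name
    'missing.zip'            => false,  // no such file
];
foreach ($cases as $name => $expected) {
    $allowed = resolveBackupPath($root . '/backups', (string) $name) !== null;
    printf("%-50s %s\n", $name, $allowed === $expected ? 'as expected' : 'UNEXPECTED');
}

// Remove the constructed files again.
foreach ($files as $f) {
    unlink($root . $f);
}
array_map('rmdir', [$root . '/backups', $root . '/backups-old', $root]);
```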