Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
hi, The problem is in the backup plugin, the $file parameter is not filtered, resulting in arbitrary file downloads
https://github.com/bludit/bludit/blob/e3abd64fe47350c7de8d51fe02342e6af3b2944e/bl-plugins/backup/plugin.php#L97 Filter $file parameter
The text was updated successfully, but these errors were encountered:
Hi, thanks for the report. I have made a pull request - #1215
Just a note, this can only be "exploited" by a logged in admin.
Sorry, something went wrong.
7689aa5
Merge pull request #1215 from anaggh/master
d9adc34
Fix #1214 Arbitrary file download vulnerability
No branches or pull requests
problem
hi, The problem is in the backup plugin, the $file parameter is not filtered, resulting in arbitrary file downloads
recurrent
repair
https://github.com/bludit/bludit/blob/e3abd64fe47350c7de8d51fe02342e6af3b2944e/bl-plugins/backup/plugin.php#L97
Filter $file parameter
The text was updated successfully, but these errors were encountered: