
Commit 811edaa

Fixes RCE exploit by validating verb parameter for toolbox before eval (backported from 3.4)
1 parent 04a6bc9 commit 811edaa

1 file changed

+5
-0
lines changed

Diff for: cgi/toolbox/toolbox

Original file line number | Diff line number | Diff line change
@@ -25,6 +25,11 @@ my $password = $session->param( "password" );
2525

2626
my %opts = ();
2727

28+
if ( $cmd !~ m/^[a-zA-Z0-9_]+$/ )
29+
{
30+
toolbox_fail( $session, "Invalid toolbox function" );
31+
}
32+
2833
if( !$session->valid_login( $username, $password ) )
2934
{
3035
toolbox_fail( $session, "Invalid username/password" );
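Review bot: the new allowlist check (diff lines 28-31) only protects the later `eval` if `toolbox_fail` never returns; the hunk shows no `exit` or `return` after the call, so if `toolbox_fail` merely emits an error response, execution continues into the login check and onward with the unvalidated `$cmd`. Either confirm that `toolbox_fail` terminates the request or add an explicit `exit;` after it. Also, `$` in `m/^[a-zA-Z0-9_]+$/` matches before a trailing newline in Perl, so a value ending in `"\n"` would pass the pattern; `m/\A[a-zA-Z0-9_]+\z/` anchors strictly. A one-line comment stating that `$cmd` must be a bare identifier because it is later passed to `eval` would help the next maintainer keep the check in place.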
