XML Import: Fix PHP code injection vulnerability
Egidio Romano discovered a vulnerability in the XML import plugin.

User input passed through the "description" field (and the "issuelink" attribute) of the uploaded XML file isn't properly sanitized before being used in a call to the preg_replace() function which uses the 'e' modifier. This can be exploited to inject and execute arbitrary PHP code when the Import/Export plugin is installed.

This fix is a partial backport from a master branch commit which has been confirmed as addressing the issue (8401753) excluding changes not relevant to fixing the security issue, including subsequent fixes (aea1a34, 4350b4d).

Fixes #17725 (CVE-2014-7146)
Showing with 20 additions and 9 deletions.
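
The class of fix the commit message describes, as an added example that is not MantisBT's code and is not taken from this commit: a preg_replace() call with the 'e' modifier is replaced by preg_replace_callback(), so text from the imported file is only ever handled as a string. The function name, the "#<id>" reference pattern, the id map and the sample XML are all assumptions constructed for illustration.

```php
<?php
// Added example, not MantisBT code. Names, pattern and data are hypothetical.

/**
 * Rewrite "#<old id>" references in imported text to the ids assigned on import.
 *
 * Legacy form this replaces (removed in PHP 7.0): preg_replace() with a pattern
 * ending in /e and a replacement string holding a PHP expression. PCRE
 * substituted the captured text into that string and the result was then
 * evaluated as PHP source, so text from the uploaded file ended up inside code.
 */
function relink_issues(string $text, array $idMap): string
{
    $result = preg_replace_callback(
        '/#(\d{1,9})\b/',
        // The match arrives as array data; nothing here is evaluated as code.
        static function (array $m) use ($idMap): string {
            $old = (int) $m[1];
            // Unknown ids are left exactly as they appeared in the input.
            return isset($idMap[$old]) ? '#' . (int) $idMap[$old] : $m[0];
        },
        $text
    );
    if ($result === null) {
        // preg_* returns null on PCRE failure; do not import a null description.
        throw new RuntimeException('PCRE error code ' . preg_last_error());
    }
    return $result;
}

// Constructed sample import file (not a real MantisBT export).
$xml = <<<'XML'
<mantis>
  <issue>
    <id>7</id>
    <description>Duplicate of #3; text such as "); and $var stays literal. See #99</description>
  </issue>
</mantis>
XML;

// LIBXML_NONET keeps the parser from fetching anything over the network.
$doc = simplexml_load_string($xml, 'SimpleXMLElement', LIBXML_NONET);
if ($doc === false) {
    throw new RuntimeException('Import file is not well-formed XML');
}

// Constructed map of old issue id => id assigned during import.
$idMap = [3 => 41];
echo relink_issues((string) $doc->issue->description, $idMap), PHP_EOL;
```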