New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
install rce #10
Comments
Let me look into this. |
@chan115117 Did anything get added to the database? You can create the config file manually by creating
|
@mikaelstaer Just to be clear, this is a security issue leading to a Remote Code Execution vulnerability. A CVE has been published a few days ago: https://nvd.nist.gov/vuln/detail/CVE-2021-43479 |
my env:
Version 2.5
php 5.3.29
windows
At /install.php:90,user input was saved to /system/assistants/config.inc.php causing RCE
Create a new database named test";phpinfo();# and then visit /instll.php to install the website
Then visit /system/assistants/config.inc.php
The text was updated successfully, but these errors were encountered: