You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To exploit this vulnerability, attacker should set up a new application (unique name, ip address/port pair) and perform path traversal in uuid parameter to remove arbitrary file.
Originally reported as WRT-01-008
The text was updated successfully, but these errors were encountered:
Issue by areynold
Monday Sep 09, 2013 at 15:46 GMT
Originally opened as https://github.com/opentechinstitute/luci-commotion-apps/issues/13
In the same code snippet as described in #11, arbitrary file
removal is possible:
https://github.com/opentechinstitute/commotion-apps/blob/3bcf912eec5d3b7b0192cf4c21e334c6775ec482/lua/luci/controller/commotion/apps_controller.lua#L534-L543
To exploit this vulnerability, attacker should set up a new application (unique name, ip address/port pair) and perform path traversal in uuid parameter to remove arbitrary file.
Originally reported as WRT-01-008
The text was updated successfully, but these errors were encountered: