Skip to content
Permalink
Browse files Browse the repository at this point in the history
Patched the RCE (#636)
I have patched the file upload directory traversal to Authenticated Remote Code Execution Vulnerability.
  • Loading branch information
febinrev committed Nov 12, 2021
1 parent c1718ff commit 2046bbd
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion tinyfilemanager.php
Expand Up @@ -880,7 +880,7 @@ function get_file_path () {

$targetPath = $path . $ds;
if ( is_writable($targetPath) ) {
$fullPath = $path . '/' . $_REQUEST['fullpath'];
$fullPath = $path . '/' . str_replace("./","_",$_REQUEST['fullpath']);
$folder = substr($fullPath, 0, strrpos($fullPath, "/"));

if(file_exists ($fullPath) && !$override_file_name) {
Expand Down

0 comments on commit 2046bbd

Please sign in to comment.