Fix CVE-2015-7372
Local File Inclusion
--------------------

Krzysztof K. Wasielewski reported that the layerstyle parameter in al.php was not properly sanitized, causing a potential LFI vulnerability. Under normal circumstances, an attacker would need to place a file named layerstyle.inc.php in an arbitrary directory on the server and craft the layerstyle parameter accordingly to load it. If an old version of PHP is being used on the server, other attack techniques might be possible, e.g. NULL-byte truncation.

CWE: CWE-98
CVSSv2: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
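One way to validate a request parameter such as layerstyle before it is turned into an include path, as an added example that is neither the project's code nor the fix made in this commit. The directory layout `<base>/<style>/layerstyle.inc.php`, the helper name `resolve_layerstyle()` and the allowlist pattern are assumptions.

```php
<?php
// Added example, not the project's code. Assumed (hypothetical) layout:
//   <base>/<style>/layerstyle.inc.php
// resolve_layerstyle() is a hypothetical helper name.

function resolve_layerstyle(string $baseDir, $param): ?string
{
    // Arrays (layerstyle[]=x) and other non-strings are rejected outright.
    if (!is_string($param)) {
        return null;
    }
    // Strict allowlist: a single path component with no dots, slashes,
    // backslashes or NUL bytes. \A and \z anchor the whole string, so a
    // trailing newline or an embedded "\0" cannot pass the check.
    if (!preg_match('/\A[a-z0-9_-]{1,32}\z/', $param)) {
        return null;
    }
    $base = realpath($baseDir);
    $file = realpath($baseDir . '/' . $param . '/layerstyle.inc.php');
    if ($base === false || $file === false) {
        return null; // base directory or target file does not exist
    }
    // Defence in depth: after symlink resolution the file must still be
    // located inside the base directory.
    if (strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $file;
}

// Constructed demo tree: one legitimate style, one file outside the base.
$root = sys_get_temp_dir() . '/lfi_demo_' . bin2hex(random_bytes(4));
mkdir("$root/styles/simple", 0700, true);
mkdir("$root/uploads", 0700, true);
file_put_contents("$root/styles/simple/layerstyle.inc.php", "<?php // style\n");
file_put_contents("$root/uploads/layerstyle.inc.php", "<?php // outside base\n");

// Constructed inputs: a valid name, traversal attempts, a NUL byte,
// an array and an empty string.
$inputs = ['simple', '../uploads', 'simple/../../uploads', "simple\0x", ['simple'], ''];
foreach ($inputs as $in) {
    $path = resolve_layerstyle("$root/styles", $in);
    printf("%-28s => %s\n", json_encode($in), $path === null ? 'rejected' : 'accepted');
}
```

Only the value `simple` is accepted; the caller should include the returned path and never a string built directly from the request.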