Authenticated arbitrary code execution #676

Closed
jvoisin opened this issue Mar 13, 2017 · 2 comments

Comments

@jvoisin commented Mar 13, 2017

An authenticated administrator can execute arbitrary PHP code by setting the CalDAV base URI, CardDAV base URI, CalDAV/CardDAV base URI, or SQLite file path fields to something like `PROJECT_BASEURI . "card.php/" . "${system('id')}" . "/");`

This has a relatively small impact, because one has to be logged in as admin to execute code.
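The mechanism behind this class of bug is that admin-supplied settings are written into a generated PHP file as source text, so whatever PHP does with that text at include time (string interpolation, concatenation) becomes an execution path. The following is an added illustration, not Baïkal's code and not the fix referenced in this thread: a hypothetical config writer that interpolates values into double-quoted strings, next to one that emits them as escaped single-quoted literals, plus a tokenizer-based check that the generated file contains nothing but data. The constant names, values and function names are invented for the example.

```php
<?php
// Added example (not Baikal's code): a config writer that interpolates
// admin-supplied values into a generated PHP file, next to a writer that
// emits them as escaped literals. All names and values here are hypothetical.

// Constructed settings, as an admin might submit them through a settings form.
$settings = [
    'PROJECT_BASEURI'     => '/baikal/',
    'PROJECT_SQLITE_FILE' => '/var/lib/baikal/db.sqlite',
];

// Values of the kind the report describes. Inside a double-quoted PHP string,
// "${expr}" is evaluated, so the first payload runs system('id') as soon as
// the generated file is included; the second closes the string and appends a
// call. This script never includes the generated code; it only inspects it.
$payloads = [
    'interpolation' => '${system(\'id\')}',
    'breakout'      => '" . system(\'id\') . "',
];

// Unsafe: the raw value is placed between double quotes, so PHP interpolates
// it (or lets it break out of the string) when the config file is loaded.
function renderConfigUnsafe(array $settings): string
{
    $out = "<?php\n";
    foreach ($settings as $name => $value) {
        $out .= 'define("' . $name . '", "' . $value . '");' . "\n";
    }
    return $out;
}

// Safer: constant names are allowlisted and values are emitted with
// var_export(), which produces single-quoted literals with ' and \ escaped.
// Single-quoted PHP strings are never interpolated.
function renderConfigSafe(array $settings): string
{
    $out = "<?php\n";
    foreach ($settings as $name => $value) {
        if (!preg_match('/^[A-Z][A-Z0-9_]*$/', $name)) {
            throw new InvalidArgumentException("refusing constant name: $name");
        }
        if (!is_string($value)) {
            throw new InvalidArgumentException("refusing non-string value for $name");
        }
        $out .= 'define(' . var_export($name, true) . ', '
              . var_export($value, true) . ");\n";
    }
    return $out;
}

// Check on the generated file: a pure-data config consists only of define()
// calls with literal arguments. Anything else (a variable, an interpolated
// string, any other function name) means code got in. The PHP tokenizer is
// used instead of a regex so quoting rules are not guessed at.
function isPureDataConfig(string $php): bool
{
    $allowedChars = ['(', ')', ',', ';'];
    $allowedTypes = [T_OPEN_TAG, T_WHITESPACE, T_CONSTANT_ENCAPSED_STRING, T_LNUMBER];
    foreach (token_get_all($php) as $token) {
        if (is_string($token)) {
            if (!in_array($token, $allowedChars, true)) {
                return false;
            }
        } elseif ($token[0] === T_STRING) {
            if (strtolower($token[1]) !== 'define') {
                return false;
            }
        } elseif (!in_array($token[0], $allowedTypes, true)) {
            return false;
        }
    }
    return true;
}

foreach ($payloads as $label => $payload) {
    $settings['PROJECT_BASEURI'] = $payload;

    $unsafe = renderConfigUnsafe($settings);
    $safe   = renderConfigSafe($settings);

    echo "=== payload: $label ===\n";
    echo "--- unsafe writer ---\n", $unsafe;
    echo "pure data: ", var_export(isPureDataConfig($unsafe), true), "\n";
    echo "--- safe writer ---\n", $safe;
    echo "pure data: ", var_export(isPureDataConfig($safe), true), "\n\n";
}
```

Run it with `php example.php` and compare the two generated files for each payload; with the unsafe writer, the interpolation payload survives as `"${system('id')}"` and the breakout payload as `"" . system('id') . ""`, both of which execute on include, while the safe writer turns each into an inert single-quoted literal. The tokenizer check is a guard to run before a generated file is installed, not a replacement for the escaping. The more robust design is to not generate executable code for settings at all: store them as data (JSON, INI, YAML) and parse that at startup, so no quoting rule has to be right. Note that PHP 8.2 deprecates the `${expr}` interpolation form but still evaluates it.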

@evert (Member) commented Apr 27, 2019

Yea, this sucks. I completely rewrote the configuration system in #568, but we'll see what happens with that.

@ByteHamster (Member)

This was fixed in #899
