You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An authenticated administrator can execute arbitrary php code by setting the CalDAV base URI, CardDAV base URI, CalDAV/CardDAV base URI, or SQLite file path fields to something like PROJECT_BASEURI . "card.php/" . "${system('id')}" . "/");
This has a relatively small impact, because one has to be logged as admin to execute code.
The text was updated successfully, but these errors were encountered:
An authenticated administrator can execute arbitrary php code by setting the
CalDAV base URI
,CardDAV base URI
,CalDAV/CardDAV base URI
, orSQLite file path
fields to something likePROJECT_BASEURI . "card.php/" . "${system('id')}" . "/");
This has a relatively small impact, because one has to be logged as admin to execute code.
The text was updated successfully, but these errors were encountered: