Hello,
I would like to report a possible file inclusion vulnerability.
In file "web/add/user/index.php"
```php
// line 86
// the source
$subject = _translate($_POST['v_language'],"Welcome to Vesta Control Panel");
```
File web/inc/i18n.php
```php
// line 9
function _translate() {
    // ...
    $args = func_get_args();
    $l = $args[0];
    // ...
    // the sink with file inclusion with $l
    require_once($_SERVER['DOCUMENT_ROOT']."/inc/i18n/$l.php");
    // ...
}
```
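One way to close the sink described in this report, as an added example (not Vesta's code and not the fix in the referenced commit): check the language value against the files that actually exist before building the include path. The function name `resolve_language_file`, the character pattern and the temporary directory layout are assumptions made for the example.

```php
<?php
// Added example, not Vesta's code. Names and the demo directory are hypothetical.

/** Map a user-supplied language value to a file inside $i18nDir, else use $default. */
function resolve_language_file(string $i18nDir, $lang, string $default = 'en'): string
{
    $base = realpath($i18nDir);
    if ($base === false) {
        throw new RuntimeException('i18n directory not found');
    }
    // Allowlist: only names that exist as <name>.php directly in the directory.
    $allowed = array_map(
        fn($p) => basename($p, '.php'),
        glob($base . DIRECTORY_SEPARATOR . '*.php') ?: []
    );
    // Reject arrays (v_language[]=x), path separators, dots and NUL bytes.
    // The character pattern is an assumed naming scheme for language files.
    if (!is_string($lang)
        || !preg_match('/\A[A-Za-z0-9_-]{1,16}\z/', $lang)
        || !in_array($lang, $allowed, true)) {
        $lang = $default;
    }
    $path = realpath($base . DIRECTORY_SEPARATOR . $lang . '.php');
    // Defence in depth: the resolved path must still sit inside the directory
    // (catches a symlinked language file pointing elsewhere).
    if ($path === false || dirname($path) !== $base) {
        throw new RuntimeException('language file unavailable');
    }
    return $path;
}

// Constructed sample layout so the example runs offline.
$dir = sys_get_temp_dir() . '/i18n_demo_' . getmypid();
@mkdir($dir);
file_put_contents("$dir/en.php", '<?php $LANG = ["Welcome" => "Welcome"];');
file_put_contents("$dir/ru.php", '<?php $LANG = ["Welcome" => "..."];');

// Constructed inputs: one valid value, then values that must fall back to the default.
$inputs = ['ru', '../../../../etc/passwd', "en\0", ['x'], 'zz'];
foreach ($inputs as $in) {
    $file = resolve_language_file($dir, $in);
    printf("%-30s => %s\n", json_encode($in), basename($file));
}
```

The returned path is the only value that should reach `require_once`; the request parameter itself never becomes part of a file path.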
Fix for possible file inclusion vulnerability in i18n.php
88596a8
Fix for serghey-rodin#2052
@enferas what should we write in the Changelog as credits? Credits to @enferas?
@dpeca Thank you for confirming my report. If it is okay with you, I would like to obtain a CVE for my discovery. Should I contact MITRE so that they then contact you, or do you prefer to contact them directly?
CVE-2021-43693 is assigned.
vesta 0.9.8-24 is affected by a file inclusion vulnerability in file web/add/user/index.php.