Hi, there is an arbitrary file read bug in
```php
if(isset($_GET['url']) && !empty($_GET['url'])) {
    $file_path = HELP.'/'.$sysconf['default_lang'].'/'.$_GET['url'];
    if(!file_exists($file_path)) {
        echo __('File Not Found');
    } else {
        //Convert Markdown to HTML
        $markdown_text = file_get_contents($file_path);
        //bibliography/add-new-bibliography.md
```
We can travel the directory path and use an arbitrary filename in `$_GET['url']`. So an attacker can read any file (including source code, config) in the system.

PoC
This bug is executable by everyone who has the librarian role (single).
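
A hardened form of the lookup reported above, as an added example that is not the project's code: it canonicalises the requested path and serves it only if it still lies inside the help directory. The function name, the `.md` restriction and the sample tree are assumptions for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Resolve a requested help page to a real path inside $helpRoot/$lang,
 * or return null. Hypothetical helper, not the project's API.
 */
function resolve_help_file(string $helpRoot, string $lang, string $requested): ?string
{
    // Canonicalise the allowed directory first; realpath() returns false if it is missing.
    $base = realpath($helpRoot . DIRECTORY_SEPARATOR . $lang);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, so the check below sees the final target.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Must live under the base directory; the trailing separator stops a
    // sibling such as ".../en_US_backup" from passing a bare prefix test.
    if (strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Assumption: help pages are Markdown only, as in the report's example path.
    if (strtolower(pathinfo($target, PATHINFO_EXTENSION)) !== 'md') {
        return null;
    }
    return $target;
}

// Constructed sample tree in a temp directory so the demo runs offline.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'help_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/en_US/bibliography', 0700, true);
file_put_contents($root . '/en_US/bibliography/add-new-bibliography.md', "# Add\n");
file_put_contents($root . '/config.inc.php', "<?php // constructed stand-in for a config file\n");

$requests = [
    'bibliography/add-new-bibliography.md', // legitimate page
    '../config.inc.php',                    // escapes the language directory
    'bibliography/../../config.inc.php',    // same escape behind a valid prefix
    'missing.md',                           // does not exist
];
foreach ($requests as $r) {
    $resolved = resolve_help_file($root, 'en_US', $r);
    printf("%-40s %s\n", $r, $resolved === null ? 'rejected' : 'served');
}
```

The caller would pass the returned path to `file_get_contents()` and answer "File Not Found" for a null result, so a rejected request is indistinguishable from a missing page.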
Hi trichimtrich,
Thank you very much for your findings on this security issue, hopefully we can resolve this issue ASAP
Regards