Something went wrong while setting issue due date.

[Security] - path traversal vulnerability - limited to png files

[Security] - path traversal vulnerability - limited to png files

fusiondirectory/geticon.php? path traversal vulnerabilities under CWE-35: here

The vulnerability arises from using unsanitized user input ($_GET[‘icon’]) in a call to a function that results in reading a file.

The call stack includes

-findThemeIcon()

-FindIcon()

-FindIconHelper()

-LookupIcon()

-file_exists()

Tasks

0

No tasks are currently assigned. Use tasks to break down this issue into smaller parts.

Activity

dockx thibault changed milestone to %FusionDirectory 1.5 3 months ago

changed milestone to %FusionDirectory 1.5
dockx thibault added PJ1802-0188 label 3 months ago

added PJ1802-0188 label
dockx thibault assigned to @tdockx 3 months ago

assigned to @tdockx
dockx thibault created branch 6363-security-path-traversal-vulnerability-limited-to-png-files to address this issue 3 months ago

created branch 6363-security-path-traversal-vulnerability-limited-to-png-files to address this issue
dockx thibault added Fixed Security labels 3 months ago

added Fixed Security labels
dockx thibault closed 3 months ago

closed
bmortier added To Be Tested label 2 months ago

added To Be Tested label
Alexa Oana eliza removed To Be Tested label 2 months ago

removed To Be Tested label
Alexa Oana eliza added test done label 2 months ago

added test done label
bmortier removed Fixed label 2 months ago

removed Fixed label

Please register or sign in to reply

Milestone

None

Due date

None

Confidentiality

Not confidential

0 Participants

Reference:

Menu

Explore