bpfire/html/cgi-bin/proxy.cgi at 0aff7b81965c06756ff42482ef0aa3ccfa68bf8f

mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00

Files

Michael Tremer 0aff7b8196 {proxy,chpasswd}.cgi: Fix a remote code execution vulnerability

Handcrafted requests with shell commands could be sent to these
CGI files and gain shell access as unprivileged user.

References: #11087

Reported-by: Yann Cam <yann.cam@gmail.com>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

2016-04-08 15:54:53 +01:00

143 KiB

Raw Blame History

View Raw

143 KiB Raw Blame History

143 KiB

Raw Blame History