mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
7f6257e0a4
This parameter was passed to some shell commands without any sanitisation which allowed an attacker who was authenticated to the web UI to download arbitrary files from some directories and delete any file from the filesystem. References: #11830 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>