Menu

#38 update to previous bug

open
Vincenzo Valvano
Generic (22)
5
2004-10-14
2004-10-14
kuba tyszko
No

my patch seems to help a little but it's still possible
to view any file with html injection:

http://my.server.com/cwfm/View.php?view=E5homeE5kubaE5E4E4E5E4E4E5etcE5passwd&file=E4article

(i mean /home/kuba/../../etc/passwd ).

i'll also try to fix this soon.

Discussion

Log in to post a comment.

MongoDB Logo MongoDB