plainblack.com
Username Password
search
Bookmark and Share
View All Tickets
Arbitrary perl code can be executed by any user with upload permission  (#8980)
Issue

Any user with permission to upload files to the server can upload a perl module, then cause the server to execute it using a properly formatted URL.

Solution Summary
Fixed.
Comments
Graham
0
10/27/2008 6:40 pm
Fixed in 7.5.30.
Graham
0
10/27/2008 6:42 pm
Fixed for 7.6.2. Attached patch for WebGUI 7.4 and other versions.
Details
Ticket Status Resolved  
Rating0.0 
Submitted ByGraham 
Date Submitted2008-10-27 
Assigned To unassigned  
Date Assigned2016-05-30 
Assigned By 
Severity Fatal (can't continue until this is resolved)  
What's the bug in? WebGUI Stable  
WebGUI / WRE Version  
URLbugs/tracker/8980
Keywords
Related Files
Ticket History
10/27/2008
7:43 PM
Ticket edited Graham
10/27/2008
7:42 PM
Resolved Graham
10/27/2008
6:11 PM
Ticket created Graham
© 2016 Plain Black Corporation | All Rights Reserved