Full Path Disclosure
Unknown
Vulnerability Details
Hi
as reported in email,
there is a full path disclosure in EasyDB
you fixed some of them in last commit
add this code before and "execute($params)" function call!
if(count($params) != count($params,COUNT_RECURSIVE)){
throw new \InvalidArgumentException("Invalid params");
}
this will check $params to be 1d array,
Regards
Actions
View on HackerOneReport Stats
- Report ID: 115337
- State: Closed
- Substate: resolved
- Upvotes: 1