Potential code injection in fun delete_directory
Medium
Vulnerability Details
Under /system/ee/legacy/libraries/Functions.php, function delete_directory contains calls to `exec` 3 times using different, potentially "unsanitized" paramateres. As the PHP manual suggest, `escapeshellarg` should be used to sanitize individual arguments [1].
On an implementation in which the attacker controls the file name, arbitrary code execution is achieved. Better to fix it.
[1] http://php.net/manual/en/function.escapeshellarg.php
Actions
View on HackerOneReport Stats
- Report ID: 250587
- State: Closed
- Substate: resolved
- Upvotes: 2