Merge branch '225-cve-2024-35308-post-auth-arbitrary-file-read-en-seccion-plugins-de-servidor' into 'develop'

Resolve "[CVE-2024-35308] Post-auth arbitrary file read en sección plugins de servidor"

See merge request artica/pandorafms!7463
Enrique Martin 2024-12-09 15:39:57 +00:00
commit 374e62ee94


@ -217,11 +217,14 @@ if ($filemanager) {
if ($edit_file) {
$location_file = io_safe_output(get_parameter('location_file', ''));
$filename = array_pop(explode('/', $location_file));
if (empty($location_file) === false
&& strpos($location_file, realpath('attachment/plugin')) !== false
&& file_exists($location_file) === true
) {
$file = file_get_contents($location_file);
echo '<h4>'.__('Edit file').' '.$filename.'</h4>';
// echo "<a href='index.php?sec=gagente&sec2=enterprise/godmode/agentes/collections&action=file&id=" . $collection['id'] . "&directory=" . $relative_dir . "&hash2=" . $hash2 . "'>" . __('Back to file explorer') . "</a>";
echo "<form method='post' action='index.php?sec=gservers&sec2=godmode/servers/plugin&filemanager=1"."&update_file=1'>";
// html_print_input_hidden('location_file', $locationFile);
echo "<form method='post' action='index.php?sec=gservers&sec2=godmode/servers/plugin&filemanager=1&update_file=1'>";
echo "<table class='w98p'>";
echo '<tr>';
echo '<th>'.__('Edit').'</th>';
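Review bot: The new guard on `$location_file` is a substring test on the raw request value, so it neither anchors the allowed directory as a prefix nor canonicalizes the path before it reaches `file_get_contents`; a value that contains the `realpath('attachment/plugin')` string but also carries `..` segments after it, or that merely embeds that string inside a longer path, still satisfies all three conditions. Resolve the user path first, compare the canonical result against the base directory including a trailing separator, and then read from the resolved path rather than the request value; `is_file()` also rejects directories that `file_exists()` accepts. While there, `$filename` is echoed unescaped into the `<h4>` on the following line and should go through `htmlspecialchars()`. The `$update_file` branch that begins at the end of the second hunk presumably needs the identical check, so the validation is worth extracting into one helper used by both branches; the enclosing `if ($filemanager)` block starts and ends outside these hunks.
```php
$location_file = io_safe_output(get_parameter('location_file', ''));
$base_dir = realpath('attachment/plugin');
$real_file = realpath($location_file);
if ($base_dir !== false
    && $real_file !== false
    && strpos($real_file, $base_dir.DIRECTORY_SEPARATOR) === 0
    && is_file($real_file) === true
) {
    $file = file_get_contents($real_file);
    $filename = basename($real_file);
    echo '<h4>'.__('Edit file').' '.htmlspecialchars($filename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</h4>';
    // … unchanged: edit form output …
```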
@ -248,6 +251,9 @@ if ($filemanager) {
echo '</tr>';
echo '</table>';
echo '</form>';
} else {
echo __('File not found');
}
} else {
if ($update_file) {
$location_file = io_safe_output(get_parameter('location_file', ''));