tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-07-29 16:55:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '225-cve-2024-35308-post-auth-arbitrary-file-read-en-seccion-plugins-de-servidor' into 'develop'

Browse Source 
Resolve "[CVE-2024-35308] Post-auth arbitrary file read en sección plugins de servidor"

See merge request artica/pandorafms!7463
This commit is contained in:
Enrique Martin 2024-12-09 15:39:57 +00:00
commit 374e62ee94
1 changed files with 36 additions and 30 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
pandora_console/godmode/servers/plugin.php
View File

@ -217,37 +217,43 @@ if ($filemanager) {
if ($edit_file) {
$location_file = io_safe_output(get_parameter('location_file', ''));
$filename = array_pop(explode('/', $location_file));
$file = file_get_contents($location_file);
echo '<h4>'.__('Edit file').' '.$filename.'</h4>';
// echo "<a href='index.php?sec=gagente&sec2=enterprise/godmode/agentes/collections&action=file&id=" . $collection['id'] . "&directory=" . $relative_dir . "&hash2=" . $hash2 . "'>" . __('Back to file explorer') . "</a>";
echo "<form method='post' action='index.php?sec=gservers&sec2=godmode/servers/plugin&filemanager=1"."&update_file=1'>";
// html_print_input_hidden('location_file', $locationFile);
echo "<table class='w98p'>";
echo '<tr>';
echo '<th>'.__('Edit').'</th>';
echo '</tr>';
echo '<tr>';
echo '<td>';
echo "<textarea name='content_file' class='w100p height_400px' >";
echo $file;
echo '</textarea>';
echo '</td>';
echo '</tr>';
echo "<tr align='right'>";
echo '<td>';
html_print_input_hidden('location_file', $location_file);
echo __('Compatibility mode').':';
$options = [
'unix' => 'Unix',
'windows' => 'Windows',
];
html_print_select($options, 'compatibility', $compatibility);
echo " <input type='submit' name='submit' value='".__('Update')."' class='sub upd' />";
echo '</td>';
echo '</tr>';
echo '</table>';
echo '</form>';
if (empty($location_file) === false
&& strpos($location_file, realpath('attachment/plugin')) !== false
&& file_exists($location_file) === true
) {
$file = file_get_contents($location_file);
echo '<h4>'.__('Edit file').' '.$filename.'</h4>';
echo "<form method='post' action='index.php?sec=gservers&sec2=godmode/servers/plugin&filemanager=1&update_file=1'>";
echo "<table class='w98p'>";
echo '<tr>';
echo '<th>'.__('Edit').'</th>';
echo '</tr>';
echo '<tr>';
echo '<td>';
echo "<textarea name='content_file' class='w100p height_400px' >";
echo $file;
echo '</textarea>';
echo '</td>';
echo '</tr>';
echo "<tr align='right'>";
echo '<td>';
html_print_input_hidden('location_file', $location_file);
echo __('Compatibility mode').':';
$options = [
'unix' => 'Unix',
'windows' => 'Windows',
];
html_print_select($options, 'compatibility', $compatibility);
echo " <input type='submit' name='submit' value='".__('Update')."' class='sub upd' />";
echo '</td>';
echo '</tr>';
echo '</table>';
echo '</form>';
} else {
echo __('File not found');
}
} else {
if ($update_file) {
$location_file = io_safe_output(get_parameter('location_file', ''));