A Directory Traversal vulnerability
Closed this issue · 3 comments
Zh3-H4ck commented
test version: 2.4.7
0x00 description
Frontaccounting is using the function clean_file_name() to eliminate '../' in the file name submitted by the user to avoid a directory traversal vulnerability.
However, some variables do not use the function clean_file_name() in admin/inst_lang.php, which allows attackers to submit a language package whose language code contains '../'. After adding it successfully and then deleting it, the attacker can empty a specified folder, as in the example.
admin/inst_lang.php:156
0x01 Example: empty admin folder
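As an added illustration of the defensive side of this report (not code from FrontAccounting or from the reporter), the Python below shows the check a language-pack handler needs before it creates or deletes a directory named after user input: validate the language code against a strict allow-list and confirm the resolved path stays under the language directory. The regex for language codes, the function names and the `lang`/`admin` directory layout are assumptions for this example; `demo()` builds a throwaway tree in a temp directory and shows that a code such as `../admin` is refused while a sibling folder survives.

```python
import os
import re
import shutil
import tempfile

# Assumed allow-list for language codes such as "fr" or "en_US".
# Accepting only letters and one underscore rules out path separators and
# dot sequences entirely, so no blacklist of '../' is needed.
LANG_CODE_RE = re.compile(r"^[a-z]{2,3}(_[A-Z]{2})?$")


def is_valid_lang_code(code: str) -> bool:
    """True only if `code` matches the allow-list pattern exactly."""
    return LANG_CODE_RE.fullmatch(code) is not None


def lang_dir(base: str, code: str):
    """Resolve the directory for `code` under `base`.

    Returns the real path, or None if the code is malformed or the resolved
    path would land outside `base` (defence in depth on top of the regex).
    """
    if not is_valid_lang_code(code):
        return None
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, code))
    if os.path.commonpath([base_real, target]) != base_real:
        return None
    return target


def remove_lang(base: str, code: str) -> bool:
    """Delete a language pack directory; refuse anything not confined to `base`.

    Returns True if a directory was removed, False if the request was rejected
    or the directory did not exist.
    """
    target = lang_dir(base, code)
    if target is None or not os.path.isdir(target):
        return False
    shutil.rmtree(target)
    return True


def demo() -> dict:
    """Constructed scenario: lang/en_US exists; the sibling admin/ must survive."""
    root = tempfile.mkdtemp()
    try:
        lang_base = os.path.join(root, "lang")
        os.makedirs(os.path.join(lang_base, "en_US"))
        admin = os.path.join(root, "admin")
        os.makedirs(admin)
        marker = os.path.join(admin, "inst_lang.php")  # constructed placeholder file
        open(marker, "w").close()
        return {
            "valid": remove_lang(lang_base, "en_US"),       # legitimate pack removed
            "traversal": remove_lang(lang_base, "../admin"),  # rejected
            "admin_intact": os.path.exists(marker),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The allow-list does the real work here; the `commonpath` comparison is kept so that a later loosening of the pattern cannot silently reopen the traversal.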
FrontAccountingERP commented
Yes, indeed. Fix is added to the repo.
cambell-prince commented
> Yes, indeed. Fix is added to the repo.
Should this issue be closed?
Zh3-H4ck commented
ok