security bug, low, Information Disclosure

Question

security bug, low, Information Disclosure

Closed this issue 8 months ago · 2 comments

Webalizer module references directly to directory structure in the URL but doesn't sanitize input allowing to read other users stats by traversing in their dirs.

Example:
https://example.com/?module=webalizer_stats&show=true&domain=../other_user/domain

Dukecitysolutions commented 8 months ago

Resolved!

Answer 1 · 2022-12-08T02:14:39.000Z

Resolved in v2?