Major Security issue

Question

tompipe opened this issue 2 years ago · 2 comments

Opening the following url allows viewing the content of (probably) any file on the system:

https://<nas_url>:5001/webman/3rdparty/LogAnalysis/index.cgi?page=contentview&resultfile=/etc/passwd

Answer 1 · 2023-09-10T07:18:47.000Z

Hi!

Thank you for reporting this security issue to me. I have just fixed the error and released a new package update.

Answer 2 · 2023-09-10T07:38:19.000Z

Speedy! 🏆