Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-1525 Issue to group security concerns
  3. OFBIZ-11949

Local File Inclusion vulnerability

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Closed
    • Major
    • Resolution: Duplicate
    • Trunk, 17.12.04, 18.12.01
    • 17.12.06, 18.12.01
    • content
    • None
    • Bug Crush Event - 21/2/2015

    Description

      Harshit Shukla harshit.shukz@gmail.com reported this LFI vulnerability to the OFBiz security team, and we thank him for that.

      I'll later quote here his email message when the vulnerability will be fixed. It's a post-auth vulnerability so we did not ask for a CVE.

      Attachments

        Issue Links

          duplicates

          Sub-task - The sub-task of the issue OFBIZ-12080 Secure the uploads

          • Major - Major loss of function.
          • Closed

          Activity

            People

              jleroux Jacques Le Roux
              jleroux Jacques Le Roux
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: